Posted to notifications@shardingsphere.apache.org by du...@apache.org on 2022/10/27 01:56:24 UTC

[shardingsphere] branch master updated: feat(doc): update release doc for on cloud (#21781)

This is an automated email from the ASF dual-hosted git repository.

duanzhengqiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git


The following commit(s) were added to refs/heads/master by this push:
     new e0b55cd797a feat(doc):  update release doc for on cloud (#21781)
e0b55cd797a is described below

commit e0b55cd797a86154e2cee0a35ec0dcc49077490b
Author: Ghoul_Lee <wi...@gmail.com>
AuthorDate: Thu Oct 27 09:56:17 2022 +0800

    feat(doc):  update release doc for on cloud (#21781)
    
    * feat(release): release doc update
    
    * feat(release): release doc update for Templates
    
    * feat(release): release doc update for gpg
---
 .../involved/release/shardingsphere-on-cloud.cn.md | 184 ++++++++++++++++++---
 .../involved/release/shardingsphere-on-cloud.en.md | 184 +++++++++++++++++++--
 2 files changed, 331 insertions(+), 37 deletions(-)

diff --git a/docs/community/content/involved/release/shardingsphere-on-cloud.cn.md b/docs/community/content/involved/release/shardingsphere-on-cloud.cn.md
index 3fe67f67cc2..9e1240af00e 100644
--- a/docs/community/content/involved/release/shardingsphere-on-cloud.cn.md
+++ b/docs/community/content/involved/release/shardingsphere-on-cloud.cn.md
@@ -43,6 +43,107 @@ Release Note 需提供中文/英文两种版本,确认中英文描述是否明
 1. 确认 `${RELEASE.VERSION}` 的 Milestone 完成状态为 100%;
 1. 点击 `Close` 关闭 Milestone。
 
+## GPG 设置
+
+### 1. 安装 GPG
+
+在 [GnuPG 官网](https://www.gnupg.org/download/index.html)下载安装包。
+GnuPG 的 1.x 版本和 2.x 版本的命令有细微差别,下列说明以 `GnuPG-2.1.23` 版本为例。
+
+安装完成后,执行以下命令查看版本号。
+
+```shell
+gpg --version
+```
+
+### 2. 创建 key
+
+安装完成后,执行以下命令创建 key。
+
+`GnuPG-2.x` 可使用:
+
+```shell
+gpg --full-gen-key
+```
+
+`GnuPG-1.x` 可使用:
+
+```shell
+gpg --gen-key
+```
+
+根据提示完成 key:
+
+> 注意:请使用 Apache mail 生成 GPG 的 Key。
+
+```shell
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+  (1) RSA and RSA (default)
+  (2) DSA and Elgamal
+  (3) DSA (sign only)
+  (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+        0 = key does not expire
+     <n>  = key expires in n days
+     <n>w = key expires in n weeks
+     <n>m = key expires in n months
+     <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: ${输入用户名}
+Email address: ${输入邮件地址}
+Comment: ${输入注释}
+You selected this USER-ID:
+   "${输入的用户名} (${输入的注释}) <${输入的邮件地址}>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key. # 输入密码
+```
+
+### 3. 查看生成的 key
+
+```shell
+gpg --list-keys
+```
+
+执行结果:
+
+```shell
+pub   4096R/700E6065 2019-03-20
+uid                  ${用户名} (${注释}) <{邮件地址}>
+sub   4096R/0B7EF5B2 2019-03-20
+```
+
+其中 700E6065 为公钥 ID。
+
+### 4. 导出 v1 版本密钥
+
+``` shell
+gpg --export >~/.gnupg/pubring.gpg
+gpg --export-secret-keys >~/.gnupg/secring.gpg
+```
+
+### 5. 将公钥同步到服务器
+
+命令如下:
+
+```shell
+gpg --keyserver hkp://keyserver.ubuntu.com --send-key 700E6065
+```
+
+`keyserver.ubuntu.com` 为随意挑选的公钥服务器,每个服务器之间是自动同步的,选任意一个即可。
 
 ## 准备发布分支
 
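Review bot: In step 5, `gpg --keyserver hkp://keyserver.ubuntu.com --send-key 700E6065` identifies the key by its 8-character short ID, and step 3 presents that short ID as the public key ID. Short IDs are not unique, so the doc should have the release manager take the full fingerprint from `gpg --fingerprint` and use that here and in the vote mail. Two consistency points in the same section: the text says the walkthrough uses `GnuPG-2.1.23`, but the pasted transcript begins with `gpg (GnuPG) 2.0.12`, so the transcript and the key listing should be regenerated with the version the text names; and the `uid` line has `<{邮件地址}>` where every other placeholder is written `${...}`.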
@@ -65,9 +166,9 @@ git push origin ${RELEASE.VERSION}-release
 在发布分支上更新 `Chart.yaml` 文件中的版本:
 
 ```
-~/shardingsphere-on-cloud/charts/shardingsphere-operator/Chart.yaml
-~/shardingsphere-on-cloud/charts/shardingsphere-operator-cluster/Chart.yaml
-~/shardingsphere-on-cloud/charts/shardingsphere-proxy/Chart.yaml
+~/shardingsphere-on-cloud/charts/apache-shardingsphere-operator-charts/Chart.yaml
+~/shardingsphere-on-cloud/charts/apache-shardingsphere-operator-cluster-charts/Chart.yaml
+~/shardingsphere-on-cloud/charts/apache-shardingsphere-proxy-charts/Chart.yaml
 ```
 
 将 `version` 修改为 `${RELEASE.VERSION}`,`appVersion` 修改为对应的应用版本,并提交 PR 到发布分支。
@@ -86,22 +187,22 @@ git push origin --tags
 打包 charts 之前需要通过 `helm dependency build` 命令下载依赖的包,然后再对 charts 进行打包,具体操作步骤如下:
 
 ```shell
-cd ~/shardingsphere-on-cloud/charts/shardingsphere-operator
+cd ~/shardingsphere-on-cloud/charts/apache-shardingsphere-operator-charts
 helm dependency build
 
-cd ~/shardingsphere-on-cloud/charts/shardingsphere-operator-cluster
+cd ~/shardingsphere-on-cloud/charts/apache-shardingsphere-operator-cluster-charts
 helm dependency build
 
-cd ~/shardingsphere-on-cloud/charts/shardingsphere-proxy/charts/governance
+cd ~/shardingsphere-on-cloud/charts/apache-shardingsphere-proxy-charts/charts/governance
 helm dependency build
 
-cd ~/shardingsphere-on-cloud/charts/shardingsphere-proxy
+cd ~/shardingsphere-on-cloud/charts/apache-shardingsphere-proxy-charts
 helm dependency build
 
 cd ~/shardingsphere-on-cloud/charts
-helm package shardingsphere-operator
-helm package shardingsphere-operator-cluster
-helm package shardingsphere-proxy
+helm package --sign --key '${GPG 用户名}' --keyring ~/.gnupg/secring.gpg apache-shardingsphere-operator-charts
+helm package --sign --key '${GPG 用户名}' --keyring ~/.gnupg/secring.gpg apache-shardingsphere-operator-cluster-charts
+helm package --sign --key '${GPG 用户名}' --keyring ~/.gnupg/secring.gpg apache-shardingsphere-proxy-charts
 ```
 
 ### 5. 更新下载页面
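Review bot: The three `helm package --sign ...` lines each write a `.prov` provenance file next to the `.tgz`, but the step never mentions it, while the verification section added by this same commit asks reviewers to download the prov files. Add a sentence after the code block saying the `.prov` files are part of the release and must be published together with the packages.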
@@ -113,12 +214,53 @@ helm package shardingsphere-proxy
 
 ## 检查发布结果
 
-### 1. 检查发布文件内容
+### 1. 检查 gpg 签名
+
+首先导入发布人公钥。从 svn 仓库导入 KEYS 到本地环境。(发布版本的人不需要再导入,帮助做验证的人需要导入,用户名填发版人的即可)
+
+```shell
+curl https://dist.apache.org/repos/dist/dev/shardingsphere/KEYS >> KEYS
+gpg --import KEYS
+gpg --edit-key "${发布人的 gpg 用户名}"
+  > trust
+
+Please decide how far you trust this user to correctly verify other users' keys
+(by looking at passports, checking fingerprints from different sources, etc.)
+
+  1 = I don't know or won't say
+  2 = I do NOT trust
+  3 = I trust marginally
+  4 = I trust fully
+  5 = I trust ultimately
+  m = back to the main menu
+
+Your decision? 5
+
+  > save
+```
+
+下载所有 prov 文件和 tgz 文件,然后进行 gpg 签名检查。
+
+Bash 可以使用以下命令检查签名:
+
+```shell
+for each in $(ls *.tgz); do helm verify $each; done
+```
+
+或逐个文件检查:
+
+```shell
+helm verify apache-shardingsphere-operator-${RELEASE.VERSION}.tgz
+helm verify apache-shardingsphere-operator-cluster-${RELEASE.VERSION}.tgz
+helm verify apache-shardingsphere-proxy-${RELEASE.VERSION}.tgz
+```
+
+### 2. 检查发布文件内容
 
 解压缩
+- `apache-shardingsphere-operator-charts-${RELEASE.VERSION}.tgz`
+- `apache-shardingsphere-operator-cluster-charts-${RELEASE.VERSION}.tgz`
 - `apache-shardingsphere-proxy-charts-${RELEASE.VERSION}.tgz`
-- `apache-shardingsphere-cluster-charts-${RELEASE.VERSION}.tgz`
-- `shardingsphere-operator-charts-${RELEASE.VERSION}.tgz`
 
 进行如下检查:
 
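Review bot: The import step has reviewers answer `Your decision? 5`, which gives the release manager's key ultimate owner trust; that level is meant for one's own keys. Have the reviewer compare the imported key's fingerprint with the one given in the vote mail instead, and drop the trust step or lower the level. `curl ... >> KEYS` appends, so running it in a directory that already has a `KEYS` file mixes old and new content; write the file with `-o KEYS`. Also, `helm verify` reads a keyring file (`~/.gnupg/pubring.gpg` unless `--keyring` is given), so on GnuPG 2.1+ setups that keep keys in `pubring.kbx` the imported keys have to be exported to that file first, as step 4 of the GPG settings does for the release manager.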
@@ -130,7 +272,7 @@ helm package shardingsphere-proxy
   - 所有第三方依赖的许可证都在 `LICENSE` 文件中声明;
   - 依赖许可证的完整版全部在 `license` 目录;
   - 如果依赖的是 Apache 许可证并且存在 `NOTICE` 文件,那么这些 `NOTICE` 文件也需要加入到版本的 `NOTICE` 文件中。
-### 2. 检查仓库制品
+### 3. 检查仓库制品
 
 添加仓库
 ```shell
@@ -139,8 +281,14 @@ helm repo add apache  https://apache.github.io/shardingsphere-on-cloud
 helm search repo apache
 ```
 
-可以查询到三个制品即为发布成功
+可以查询到三个制品即为发布成功,`helm repo add` 和 `helm search repo` 会根据 index.yaml 中的校验值进行校验 
 
+```shell
+NAME                                              	CHART VERSION	           APP VERSION	DESCRIPTION
+apache/apache-shardingsphere-operator-charts     	${RELEASE.VERSION}       	xxx     	A Helm chart for ShardingSphere-Operator
+apache/apache-shardingsphere-operator-cluster-...	${RELEASE.VERSION}        	xxx      	A Helm chart for ShardingSphere-Operator-Cluster
+apache/apache-shardingsphere-proxy-charts        	${RELEASE.VERSION}        	xxx         A Helm chart for ShardingSphere-Proxy-Cluster
+```
 
 ## 发起投票
 
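Review bot: The added sentence says `helm repo add` and `helm search repo` validate against the checksum in index.yaml, but those two commands only fetch and read the repository index; no chart archive is downloaded at this step, so nothing is compared with a digest. Either drop the clause or add a step that actually downloads and checks a chart, for example `helm pull --verify`. The changed line also ends with a trailing space and no closing punctuation, and the sample output is fenced as `shell` although it is command output.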
@@ -182,7 +330,7 @@ Keys to verify the Release Candidate:
 https://dist.apache.org/repos/dist/dev/shardingsphere/KEYS
 
 Look at here for how to verify this release candidate:
-https://shardingsphere.apache.org/community/en/involved/release/shardingsphere/
+https://shardingsphere.apache.org/community/en/involved/release/shardingsphere-on-cloud/
 
 GPG user ID:
 ${YOUR.GPG.USER.ID}
@@ -201,13 +349,11 @@ PMC vote is +1 binding, all others is +1 non-binding.
 
 Checklist for reference:
 
-[ ] Download links are valid.
-
 [ ] Checksums and PGP signatures are valid.
 
 [ ] Source code distributions have correct names matching the current release.
 
-[ ] LICENSE and NOTICE files are correct for each ShardingSphere repo.
+[ ] LICENSE and NOTICE files are correct for each ShardingSphere on Cloud repo.
 
 [ ] All files have license headers if necessary.
 
diff --git a/docs/community/content/involved/release/shardingsphere-on-cloud.en.md b/docs/community/content/involved/release/shardingsphere-on-cloud.en.md
index 6d6e2a83925..25c838c2877 100644
--- a/docs/community/content/involved/release/shardingsphere-on-cloud.en.md
+++ b/docs/community/content/involved/release/shardingsphere-on-cloud.en.md
@@ -44,6 +44,108 @@ Open [GitHub milestone](https://github.com/apache/shardingsphere-on-cloud/milest
 1. Confirm that the milestone completion status of `${RELEASE.VERSION}` is 100%;
 1. Click `close` to close milestone.
 
+## GPG Settings
+
+### 1. Install GPG
+
+Download installation package on [official GnuPG website](https://www.gnupg.org/download/index.html).
+The command of GnuPG 1.x version can differ a little from that of 2.x version.
+The following instructions take `GnuPG-2.1.23` version for example.
+After the installation, execute the following command to check the version number.
+
+```shell
+gpg --version
+```
+
+### 2. Create Key
+
+After the installation, execute the following command to create key.
+
+This command indicates `GnuPG-2.x` can be used:
+
+```shell
+gpg --full-gen-key
+```
+
+This command indicates `GnuPG-1.x` can be used:
+
+```shell
+gpg --gen-key
+```
+
+Finish the key creation according to instructions:
+
+> To be noticed: Please use Apache mail for key creation.
+
+```shell
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+  (1) RSA and RSA (default)
+  (2) DSA and Elgamal
+  (3) DSA (sign only)
+  (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+        0 = key does not expire
+     <n>  = key expires in n days
+     <n>w = key expires in n weeks
+     <n>m = key expires in n months
+     <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: ${Input username}
+Email address: ${Input email}
+Comment: ${Input comment}
+You selected this USER-ID:
+   "${Inputed username} (${Inputed comment}) <${Inputed email}>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key. # Input passwords
+```
+
+### 3. Check Generated Key
+
+```shell
+gpg --list-keys
+```
+
+Execution Result:
+
+```shell
+pub   4096R/700E6065 2019-03-20
+uid                  ${Username} (${Comment}) <{Email}>
+sub   4096R/0B7EF5B2 2019-03-20
+```
+
+Among them, 700E6065 is public key ID.
+
+### 4. Export v1 version secret
+
+``` shell
+gpg --export >~/.gnupg/pubring.gpg
+gpg --export-secret-keys >~/.gnupg/secring.gpg
+```
+
+### 5. Upload the Public Key to Key Server
+
+The command is as follows:
+
+```shell
+gpg --keyserver hkp://keyserver.ubuntu.com --send-key 700E6065
+```
+
+`keyserver.ubuntu.com` is randomly chosen from public key server.
+Each server will automatically synchronize with one another, so it would be okay to choose any one.
 
 ## Prepare Branch for Release
 
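Review bot: Step 4, "Export v1 version secret", gives two commands with no explanation: `gpg --export-secret-keys >~/.gnupg/secring.gpg` writes every private key in the keyring to a file, and nothing says why it is needed or that the file must stay private. Suggest one sentence saying the export exists for the `--keyring ~/.gnupg/secring.gpg` argument of `helm package --sign` further down, naming the release key on the command line so only that key is exported, and telling the reader to keep the file readable only by its owner. Wording nits: "This command indicates `GnuPG-2.x` can be used" reads better as "With `GnuPG-2.x`, use:", "Inputed" should be "Entered", and "To be noticed" should be "Note".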
@@ -65,9 +167,9 @@ git push origin ${RELEASE.VERSION}-release
 Update the version in `Chart.yaml` file in release branch:
 
 ```
-~/shardingsphere-on-cloud/charts/shardingsphere-operator/Chart.yaml
-~/shardingsphere-on-cloud/charts/shardingsphere-operator-cluster/Chart.yaml
-~/shardingsphere-on-cloud/charts/shardingsphere-proxy/Chart.yaml
+~/shardingsphere-on-cloud/charts/apache-shardingsphere-operator-charts/Chart.yaml
+~/shardingsphere-on-cloud/charts/apache-shardingsphere-operator-cluster-charts/Chart.yaml
+~/shardingsphere-on-cloud/charts/apache-shardingsphere-proxy-charts/Chart.yaml
 ```
 
 Modify `version` to `${RELEASE.VERSION}`, `appVersion` to the corresponding application version, and submit a PR to release branch.
@@ -86,22 +188,22 @@ git push origin --tags
 Before packaging charts, you need to download dependent packages through `helm dependency build` command, and then package charts. The specific operation steps are as follows:
 
 ```shell
-cd ~/shardingsphere-on-cloud/charts/shardingsphere-operator
+cd ~/shardingsphere-on-cloud/charts/apache-shardingsphere-operator-charts
 helm dependency build
 
-cd ~/shardingsphere-on-cloud/charts/shardingsphere-operator-cluster
+cd ~/shardingsphere-on-cloud/charts/apache-shardingsphere-operator-cluster-charts
 helm dependency build
 
-cd ~/shardingsphere-on-cloud/charts/shardingsphere-proxy/charts/governance
+cd ~/shardingsphere-on-cloud/charts/apache-shardingsphere-proxy-charts/charts/governance
 helm dependency build
 
-cd ~/shardingsphere-on-cloud/charts/shardingsphere-proxy
+cd ~/shardingsphere-on-cloud/charts/apache-shardingsphere-proxy-charts
 helm dependency build
 
 cd ~/shardingsphere-on-cloud/charts
-helm package shardingsphere-operator
-helm package shardingsphere-operator-cluster
-helm package shardingsphere-proxy
+helm package --sign --key '${GPG 用户名}' --keyring ~/.gnupg/secring.gpg apache-shardingsphere-operator-charts
+helm package --sign --key '${GPG 用户名}' --keyring ~/.gnupg/secring.gpg apache-shardingsphere-operator-cluster-charts
+helm package --sign --key '${GPG 用户名}' --keyring ~/.gnupg/secring.gpg apache-shardingsphere-proxy-charts
 ```
 
 ### 5. Update the download page
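Review bot: The `--key '${GPG 用户名}'` placeholder on the three `helm package --sign` lines is still in Chinese in the English page; it looks copied from the .cn.md file. Use an English placeholder such as `${GPG user name}`, in line with `${releaser gpg username}` in the verification section.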
@@ -113,13 +215,54 @@ Update the following pages:
 
 ### Check Release
 
-**1. Check Released Files**
+**1. Check gpg Signature**
+
+First, import releaser's public key. Import KEYS from SVN repository to local. (The releaser does not need to import again; the checking assistant needs to import it, with the user name filled as the releaser's. )
+
+```shell
+curl https://dist.apache.org/repos/dist/dev/shardingsphere/KEYS >> KEYS
+gpg --import KEYS
+gpg --edit-key "${releaser gpg username}"
+  > trust
+
+Please decide how far you trust this user to correctly verify other users' keys
+(by looking at passports, checking fingerprints from different sources, etc.)
+
+  1 = I don't know or won't say
+  2 = I do NOT trust
+  3 = I trust marginally
+  4 = I trust fully
+  5 = I trust ultimately
+  m = back to the main menu
+
+Your decision? 5
+
+  > save
+```
+
+Download all prov files and tgz files, then, check the gpg signature.
+
+Checking can be performed by the following command under Bash:
+
+```bash
+for each in $(ls *.tgz); do helm verify $each; done
+```
+
+Or checking each file manually:
+
+```shell
+helm verify apache-shardingsphere-operator-${RELEASE.VERSION}.tgz
+helm verify apache-shardingsphere-operator-cluster-${RELEASE.VERSION}.tgz
+helm verify apache-shardingsphere-proxy-${RELEASE.VERSION}.tgz
+```
+
+**2. Check Released Files**
 
 Decompress:
 
-- `apache-shardingsphere-proxy-charts-${RELEASE.VERSION}.tgz`
-- `apache-shardingsphere-cluster-charts-${RELEASE.VERSION}.tgz`
 - `apache-shardingsphere-operator-charts-${RELEASE.VERSION}.tgz`
+- `apache-shardingsphere-operator-cluster-charts-${RELEASE.VERSION}.tgz`
+- `apache-shardingsphere-proxy-charts-${RELEASE.VERSION}.tgz`
 
 To check the following items:
 
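Review bot: The file names in the per-file `helm verify` commands (`apache-shardingsphere-operator-${RELEASE.VERSION}.tgz` and the two after it) lack the `-charts` part that the "Check Released Files" list a few lines later uses (`apache-shardingsphere-operator-charts-${RELEASE.VERSION}.tgz`), so one of the two sets of names is wrong and should be aligned with what `helm package` actually produces. In the loop, `for each in $(ls *.tgz); do helm verify $each; done` should be `for each in *.tgz; do helm verify "$each"; done` to avoid parsing `ls` output and word splitting. The loop is fenced as `bash` while the other blocks in this page use `shell`.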
@@ -131,7 +274,7 @@ To check the following items:
   *   All software licenses mentioned in `LICENSE`
   *   All the third party dependency licenses are under `licenses` folder
   *   If it depends on Apache license and has a `NOTICE` file, that `NOTICE` file need to be added to `NOTICE` file of the release
-### 2. Check products
+### 3. Check products
 
 add repo
 ```shell
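Review bot: `### 3. Check products` is a level-3 heading, the same level as its parent `### Check Release`, while steps 1 and 2 of that section are written as bold text (`**1. Check gpg Signature**`, `**2. Check Released Files**`). Pick one form for all three steps. The heading also follows the last list item with no blank line between them, and "add repo" under it should be a sentence, for example "Add the repository:".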
@@ -140,9 +283,16 @@ helm repo add apache  https://apache.github.io/shardingsphere-on-cloud
 helm search repo apache
 ```
 
-If you can find three products, the release is successful
+If three products can be queried, the release is successful, and `helm repo add` and `helm search repo` will be verified according to the verification value in index.yaml
 
 
+```shell
+NAME                                              	CHART VERSION	           APP VERSION	DESCRIPTION
+apache/apache-shardingsphere-operator-charts     	${RELEASE.VERSION}       	xxx     	A Helm chart for ShardingSphere-Operator
+apache/apache-shardingsphere-operator-cluster-...	${RELEASE.VERSION}        	xxx      	A Helm chart for ShardingSphere-Operator-Cluster
+apache/apache-shardingsphere-proxy-charts        	${RELEASE.VERSION}        	xxx         A Helm chart for ShardingSphere-Proxy-Cluster
+```
+
 ## Call for a Vote
 
 **Vote procedure**
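Review bot: "`helm repo add` and `helm search repo` will be verified according to the verification value in index.yaml" is hard to parse, because the commands are not what gets verified. Say what is checked and by which command, and end the sentence with a full stop. In the sample output the columns mix tabs and spaces and do not line up, and `xxx` would be clearer as a named placeholder in the style of `${RELEASE.VERSION}`.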
@@ -203,13 +353,11 @@ PMC vote is +1 binding, all others is +1 non-binding.
 
 Checklist for reference:
 
-[ ] Download links are valid.
-
 [ ] Checksums and PGP signatures are valid.
 
 [ ] Source code distributions have correct names matching the current release.
 
-[ ] LICENSE and NOTICE files are correct for each ShardingSphere repo.
+[ ] LICENSE and NOTICE files are correct for each ShardingSphere on Cloud repo.
 
 [ ] All files have license headers if necessary.