You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@nifi.apache.org by Joe Witt <jo...@apache.org> on 2016/04/13 04:48:16 UTC

Apache NiFi 0.6.1 RC2 Release Helper Guide

Hello Apache NiFi community,

Please find the associated guidance to help those interested in
validating/verifying the release so they can vote.

# Download latest KEYS file:
  https://dist.apache.org/repos/dist/dev/nifi/KEYS

# Import keys file:
  gpg --import KEYS

# [optional] Clear out local maven artifact repository

# Pull down nifi-0.6.1 source release artifacts for review:

  wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.1/nifi-0.6.1-source-release.zip
  wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.1/nifi-0.6.1-source-release.zip.asc
  wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.1/nifi-0.6.1-source-release.zip.md5
  wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.1/nifi-0.6.1-source-release.zip.sha1

# Verify the signature
  gpg --verify nifi-0.6.1-source-release.zip.asc

# Verify the hashes (md5, sha1) match the source and what was provided
in the vote email thread
  md5sum nifi-0.6.1-source-release.zip
  sha1sum nifi-0.6.1-source-release.zip

# Unzip nifi-0.6.1-source-release.zip

# Verify the build works including release audit tool (RAT) checks
  cd nifi-0.6.1
  mvn clean install -Pcontrib-check

# Verify the contents contain a good README, NOTICE, and LICENSE.

# Verify the git commit ID is correct

# Verify the RC was branched off the correct git commit ID

# Look at the resulting convenience binary as found in nifi-assembly/target

# Make sure the README, NOTICE, and LICENSE are present and correct

# Run the resulting convenience binary and make sure it works as expected

# Send a response to the vote thread indicating a +1, 0, -1 based on
your findings.

Thank you for your time and effort to validate the release!

Re: Apache NiFi 0.6.1 RC2 Release Helper Guide

Posted by Joe Witt <jo...@apache.org>.

Team,

It was noted that the signatures for the source and convenience
binaries uploaded used SHA1 digest.  I have uploaded additional
signatures for each of the three artifacts that use SHA512.  You can
validate against these signatures instead or as well using

gpg --verbose --verify nifi-0.6.1-source-release.zip.asc-SHA512
nifi-0.6.1-source-release.zip
gpg --verbose --verify nifi-0.6.1-bin.tar.gz.asc-SHA512 nifi-0.6.1-bin.tar.gz
gpg --verbose --verify nifi-0.6.1-bin.zip.asc-SHA512 nifi-0.6.1-bin.zip

Will also update the release guide to ensure this is validated next time.

Thanks
Joe

On Tue, Apr 12, 2016 at 10:48 PM, Joe Witt <jo...@apache.org> wrote:
> Hello Apache NiFi community,
>
> Please find the associated guidance to help those interested in
> validating/verifying the release so they can vote.
>
> # Download latest KEYS file:
>   https://dist.apache.org/repos/dist/dev/nifi/KEYS
>
> # Import keys file:
>   gpg --import KEYS
>
> # [optional] Clear out local maven artifact repository
>
> # Pull down nifi-0.6.1 source release artifacts for review:
>
>   wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.1/nifi-0.6.1-source-release.zip
>   wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.1/nifi-0.6.1-source-release.zip.asc
>   wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.1/nifi-0.6.1-source-release.zip.md5
>   wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.1/nifi-0.6.1-source-release.zip.sha1
>
> # Verify the signature
>   gpg --verify nifi-0.6.1-source-release.zip.asc
>
> # Verify the hashes (md5, sha1) match the source and what was provided
> in the vote email thread
>   md5sum nifi-0.6.1-source-release.zip
>   sha1sum nifi-0.6.1-source-release.zip
>
> # Unzip nifi-0.6.1-source-release.zip
>
> # Verify the build works including release audit tool (RAT) checks
>   cd nifi-0.6.1
>   mvn clean install -Pcontrib-check
>
> # Verify the contents contain a good README, NOTICE, and LICENSE.
>
> # Verify the git commit ID is correct
>
> # Verify the RC was branched off the correct git commit ID
>
> # Look at the resulting convenience binary as found in nifi-assembly/target
>
> # Make sure the README, NOTICE, and LICENSE are present and correct
>
> # Run the resulting convenience binary and make sure it works as expected
>
> # Send a response to the vote thread indicating a +1, 0, -1 based on
> your findings.
>
> Thank you for your time and effort to validate the release!