You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by jo...@apache.org on 2019/10/29 18:08:40 UTC

svn commit: r1869121 - in /nifi/site/trunk: people.html release-guide.html

Author: joewitt
Date: Tue Oct 29 18:08:40 2019
New Revision: 1869121

URL: http://svn.apache.org/viewvc?rev=1869121&view=rev
Log:
NIFI-6733 updating release guidance

Modified:
    nifi/site/trunk/people.html
    nifi/site/trunk/release-guide.html

Modified: nifi/site/trunk/people.html
URL: http://svn.apache.org/viewvc/nifi/site/trunk/people.html?rev=1869121&r1=1869120&r2=1869121&view=diff
==============================================================================
--- nifi/site/trunk/people.html (original)
+++ nifi/site/trunk/people.html Tue Oct 29 18:08:40 2019
@@ -373,6 +373,11 @@
         <td>Rob Fellows</td>
         <td></td>
     </tr>
+    <tr>
+        <td>turcsanyi</td>
+        <td>Peter Turcsanyi</td>
+        <td></td>
+    </tr>
 </table>
 </div>
 </div>

Modified: nifi/site/trunk/release-guide.html
URL: http://svn.apache.org/viewvc/nifi/site/trunk/release-guide.html?rev=1869121&r1=1869120&r2=1869121&view=diff
==============================================================================
--- nifi/site/trunk/release-guide.html (original)
+++ nifi/site/trunk/release-guide.html Tue Oct 29 18:08:40 2019
@@ -202,7 +202,7 @@ present at the root of the archive.</li>
 <li>Does the overall LICENSE and NOTICE appear correct?</li>
 <li>Do all licenses fit within the ASF approved licenses?</li>
 <li>Here is an example path to a sources artifact that has been prepared but not released:<br>
-<code>https://repository.apache.org/content/repositories/${STAGING_REPO_ID}/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip</code></li>
+<code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip</code></li>
 </ul></li>
 <li>Is there a README available that explains how to build the application and to execute it?
 <ul>
@@ -211,10 +211,10 @@ present at the root of the archive.</li>
 <li>Are the signatures and hashes correct for the source release?
 <ul>
 <li>Validate the hashes of the sources artifact do in fact match:<br>
-<code>https://repository.apache.org/content/repositories/${STAGING_REPO_ID}/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.sha256</code><br>
-<code>https://repository.apache.org/content/repositories/${STAGING_REPO_ID}/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.sha512</code></li>
+<code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.sha256</code><br>
+<code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.sha512</code></li>
 <li>Validate the signature of the source artifact.  Here is an example path:<br>
-<code>https://repository.apache.org/content/repositories/${STAGING_REPO_ID}/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.asc</code></li>
+<code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.asc</code></li>
 <li>Need a quick reminder on how to <a href="https://www.apache.org/dev/release-signing.html#verifying-signature">verify a signature</a>?</li>
 </ul></li>
 <li>Do all sources have necessary headers?
@@ -343,7 +343,9 @@ login with your Apache committer credent
 click on that you can inspect the various staged artifacts.</p></li>
 <li><p>Validate that all the various aspects of the staged artifacts appear correct</p>
 <ul>
-<li>Download the sources.  Do they compile cleanly?  If the result is a build does it execute?</li>
+<li>Download the sources and signature at the following URL. Do they compile cleanly?  If the result is a build does it execute?  We download the sources and signature from the nexus artifacts so that these sources and signature match what we put in dist and thus all signatures and such match.  If you pull the sources from your local build it will differ and can create confusion during RC validation.  These are the first two primary artifacts you need for the voting (the sources and the signature).  You'll gather other artifacts and signatures and generate hashes below.<br>
+<code>wget https://repository.apache.org/service/local/repositories/orgapachenifi-nnnn/content/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip</code><br>
+<code>wget https://repository.apache.org/service/local/repositories/orgapachenifi-nnnn/content/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.asc</code></li>
 <li>Validate the hashes match.</li>
 <li>Validate that the sources contain no unexpected binaries.</li>
 <li>Validate the signature for the build and hashes. <a href="https://nifi.apache.org/gpg.html#verifying-a-release-signature">Verifying a release signature</a>.</li>
@@ -357,11 +359,10 @@ click on that you can inspect the variou
 <li><p>Push the tag created by the release:prepare step to the ASF repository.</p>
 <pre><code>git push asf nifi-${NIFI_VERSION}-RC${RC}
 </code></pre></li>
-<li><p>Create the signature and hashes for the source release and convenience binary files.</p>
+<li><p>Create the signature and hashes for the source release and convenience binary files.  You take the source release and signature from steps above.  You grab the other conveniece binaries from your local build directories.</p>
 <ol>
 <li>ASCII armored GPG signatures (<code>--digest-algo=SHA512</code> select the SHA512 hash algorithm). <a href="https://www.apache.org/dev/openpgp.html#key-gen-avoid-sha1">Configure GPG to always prefer stronger hashes</a>.
-<pre><code>$ gpg -a -b --digest-algo=SHA512 nifi-${NIFI_VERSION}-source-release.zip  # produces nifi-${NIFI_VERSION}-source-release.zip.asc
-$ gpg -a -b --digest-algo=SHA512 nifi-${NIFI_VERSION}-bin.tar.gz          # produces nifi-${NIFI_VERSION}-bin.tar.gz.asc
+<pre><code>$ gpg -a -b --digest-algo=SHA512 nifi-${NIFI_VERSION}-bin.tar.gz          # produces nifi-${NIFI_VERSION}-bin.tar.gz.asc
 $ gpg -a -b --digest-algo=SHA512 nifi-${NIFI_VERSION}-bin.zip             # produces nifi-${NIFI_VERSION}-bin.zip.asc
 $ gpg -a -b --digest-algo=SHA512 nifi-toolkit-${NIFI_VERSION}-bin.zip     # produces nifi-toolkit-${NIFI_VERSION}-bin.zip.asc
 $ gpg -a -b --digest-algo=SHA512 nifi-toolkit-${NIFI_VERSION}-bin.tar.gz  # produces nifi-toolkit-${NIFI_VERSION}-bin.tar.gz.asc
@@ -382,7 +383,7 @@ $ shasum -a 512 nifi-toolkit-${NIFI_VERS
 </code></pre></li>
 </ol></li>
 <li><p>For reviewing of the release candidate, commit the source release and convenience binaries files along with their<br>
-hashes and signatures to <code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}</code>.</p></li>
+hashes and signatures to <code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}</code>. There should be in total 20 files (5 primary artifacts, 5 signatures, 5 sha256, 5 sha512).</p></li>
 </ol>
 <h3>Step 4. Error recovery (RM)</h3>
 <p>If anything isn't correct about the staged artifacts you can drop the staged repo from repository.apache.org and delete<br>
@@ -413,6 +414,9 @@ I am pleased to be calling this vote for
 The source zip, including signatures, digests, etc. can be found at:
 https://repository.apache.org/content/repositories/orgapachenifi-nnnn
 
+The source being voted upon and the convenience binaries can be found at:
+https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}/
+
 The Git tag is nifi-${NIFI_VERSION}-RC${RC}
 The Git commit ID is ${RC_TAG_COMMIT_ID}
 https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=${RC_TAG_COMMIT_ID}