Quantcast

Apache NiFi 0.7.3 RC1 Release Helper Guide

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Apache NiFi 0.7.3 RC1 Release Helper Guide

Michael Moser-2
Hello Apache NiFi community,

Please find the associated guidance to help those interested in
validating/verifying the 0.7.3 release so they can vote.

# Download latest KEYS file:
https://dist.apache.org/repos/dist/dev/nifi/KEYS

# Download the key used to sign this release:
https://people.apache.org/keys/committer/mosermw.asc

# Import keys file:
gpg --import KEYS

# Import key used to sign this release:
gpg --import mosermw.asc

# [optional] Clear out local maven artifact repository

# Pull down nifi-0.7.3 source release artifacts for review:
wget https://repository.apache.org/content/repositories/orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-source-release.zip
wget https://repository.apache.org/content/repositories/orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-source-release.zip.asc
wget https://repository.apache.org/content/repositories/orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-source-release.zip.md5
wget https://repository.apache.org/content/repositories/orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-source-release.zip.sha1

# Verify the signature
gpg --verify nifi-0.7.3-source-release.zip.asc

# Verify the hashes (md5, sha1, sha256) match the source and what was
provided in the vote email thread
# NOTE: the repository does not have the
nifi-0.7.3-source-release.zip.sha256 file, please find that hash in
the vote email thread
md5sum nifi-0.7.3-source-release.zip
sha1sum nifi-0.7.3-source-release.zip
sha256sum nifi-0.7.3-source-release.zip

# Unzip nifi-0.7.3-source-release.zip

# Verify the build works including release audit tool (RAT) checks
cd nifi-0.7.3
mvn clean install -Pcontrib-check

# Verify the contents contain a good README, NOTICE, and LICENSE.

# Verify the git commit ID is correct

# Verify the RC was branched off the correct git commit ID

# Look at the resulting convenience binary as found in nifi-assembly/target

# Make sure the README, NOTICE, and LICENSE are present and correct

# Run the resulting convenience binary and make sure it works as expected

# Send a response to the vote thread indicating a +1, 0, -1 based on
your findings.

Thank you for your time and effort to validate the release!
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Apache NiFi 0.7.3 RC1 Release Helper Guide

James Wing
Michael,

What's the plan for the PGP key distribution, or how do we get your key
into the KEYS file?

Thanks,

James

On Sun, May 14, 2017 at 5:36 PM, Michael Moser <[hidden email]> wrote:

> Hello Apache NiFi community,
>
> Please find the associated guidance to help those interested in
> validating/verifying the 0.7.3 release so they can vote.
>
> # Download latest KEYS file:
> https://dist.apache.org/repos/dist/dev/nifi/KEYS
>
> # Download the key used to sign this release:
> https://people.apache.org/keys/committer/mosermw.asc
>
> # Import keys file:
> gpg --import KEYS
>
> # Import key used to sign this release:
> gpg --import mosermw.asc
>
> # [optional] Clear out local maven artifact repository
>
> # Pull down nifi-0.7.3 source release artifacts for review:
> wget https://repository.apache.org/content/repositories/
> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> source-release.zip
> wget https://repository.apache.org/content/repositories/
> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> source-release.zip.asc
> wget https://repository.apache.org/content/repositories/
> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> source-release.zip.md5
> wget https://repository.apache.org/content/repositories/
> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> source-release.zip.sha1
>
> # Verify the signature
> gpg --verify nifi-0.7.3-source-release.zip.asc
>
> # Verify the hashes (md5, sha1, sha256) match the source and what was
> provided in the vote email thread
> # NOTE: the repository does not have the
> nifi-0.7.3-source-release.zip.sha256 file, please find that hash in
> the vote email thread
> md5sum nifi-0.7.3-source-release.zip
> sha1sum nifi-0.7.3-source-release.zip
> sha256sum nifi-0.7.3-source-release.zip
>
> # Unzip nifi-0.7.3-source-release.zip
>
> # Verify the build works including release audit tool (RAT) checks
> cd nifi-0.7.3
> mvn clean install -Pcontrib-check
>
> # Verify the contents contain a good README, NOTICE, and LICENSE.
>
> # Verify the git commit ID is correct
>
> # Verify the RC was branched off the correct git commit ID
>
> # Look at the resulting convenience binary as found in nifi-assembly/target
>
> # Make sure the README, NOTICE, and LICENSE are present and correct
>
> # Run the resulting convenience binary and make sure it works as expected
>
> # Send a response to the vote thread indicating a +1, 0, -1 based on
> your findings.
>
> Thank you for your time and effort to validate the release!
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Apache NiFi 0.7.3 RC1 Release Helper Guide

Joe Witt
just need to update that dist key file is all.  I think mike did
update the git entry.

On Mon, May 15, 2017 at 3:12 PM, James Wing <[hidden email]> wrote:

> Michael,
>
> What's the plan for the PGP key distribution, or how do we get your key
> into the KEYS file?
>
> Thanks,
>
> James
>
> On Sun, May 14, 2017 at 5:36 PM, Michael Moser <[hidden email]> wrote:
>
>> Hello Apache NiFi community,
>>
>> Please find the associated guidance to help those interested in
>> validating/verifying the 0.7.3 release so they can vote.
>>
>> # Download latest KEYS file:
>> https://dist.apache.org/repos/dist/dev/nifi/KEYS
>>
>> # Download the key used to sign this release:
>> https://people.apache.org/keys/committer/mosermw.asc
>>
>> # Import keys file:
>> gpg --import KEYS
>>
>> # Import key used to sign this release:
>> gpg --import mosermw.asc
>>
>> # [optional] Clear out local maven artifact repository
>>
>> # Pull down nifi-0.7.3 source release artifacts for review:
>> wget https://repository.apache.org/content/repositories/
>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
>> source-release.zip
>> wget https://repository.apache.org/content/repositories/
>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
>> source-release.zip.asc
>> wget https://repository.apache.org/content/repositories/
>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
>> source-release.zip.md5
>> wget https://repository.apache.org/content/repositories/
>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
>> source-release.zip.sha1
>>
>> # Verify the signature
>> gpg --verify nifi-0.7.3-source-release.zip.asc
>>
>> # Verify the hashes (md5, sha1, sha256) match the source and what was
>> provided in the vote email thread
>> # NOTE: the repository does not have the
>> nifi-0.7.3-source-release.zip.sha256 file, please find that hash in
>> the vote email thread
>> md5sum nifi-0.7.3-source-release.zip
>> sha1sum nifi-0.7.3-source-release.zip
>> sha256sum nifi-0.7.3-source-release.zip
>>
>> # Unzip nifi-0.7.3-source-release.zip
>>
>> # Verify the build works including release audit tool (RAT) checks
>> cd nifi-0.7.3
>> mvn clean install -Pcontrib-check
>>
>> # Verify the contents contain a good README, NOTICE, and LICENSE.
>>
>> # Verify the git commit ID is correct
>>
>> # Verify the RC was branched off the correct git commit ID
>>
>> # Look at the resulting convenience binary as found in nifi-assembly/target
>>
>> # Make sure the README, NOTICE, and LICENSE are present and correct
>>
>> # Run the resulting convenience binary and make sure it works as expected
>>
>> # Send a response to the vote thread indicating a +1, 0, -1 based on
>> your findings.
>>
>> Thank you for your time and effort to validate the release!
>>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Apache NiFi 0.7.3 RC1 Release Helper Guide

Michael Moser
Yeah, I didn't have write permission to SVN
https://dist.apache.org/repos/dist/ which I assumed was because I'm a
committer and not on the PMC.  I've enlisted a PMC member's help to
put the release up there if this vote passes.


On Mon, May 15, 2017 at 3:13 PM, Joe Witt <[hidden email]> wrote:

> just need to update that dist key file is all.  I think mike did
> update the git entry.
>
> On Mon, May 15, 2017 at 3:12 PM, James Wing <[hidden email]> wrote:
>> Michael,
>>
>> What's the plan for the PGP key distribution, or how do we get your key
>> into the KEYS file?
>>
>> Thanks,
>>
>> James
>>
>> On Sun, May 14, 2017 at 5:36 PM, Michael Moser <[hidden email]> wrote:
>>
>>> Hello Apache NiFi community,
>>>
>>> Please find the associated guidance to help those interested in
>>> validating/verifying the 0.7.3 release so they can vote.
>>>
>>> # Download latest KEYS file:
>>> https://dist.apache.org/repos/dist/dev/nifi/KEYS
>>>
>>> # Download the key used to sign this release:
>>> https://people.apache.org/keys/committer/mosermw.asc
>>>
>>> # Import keys file:
>>> gpg --import KEYS
>>>
>>> # Import key used to sign this release:
>>> gpg --import mosermw.asc
>>>
>>> # [optional] Clear out local maven artifact repository
>>>
>>> # Pull down nifi-0.7.3 source release artifacts for review:
>>> wget https://repository.apache.org/content/repositories/
>>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
>>> source-release.zip
>>> wget https://repository.apache.org/content/repositories/
>>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
>>> source-release.zip.asc
>>> wget https://repository.apache.org/content/repositories/
>>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
>>> source-release.zip.md5
>>> wget https://repository.apache.org/content/repositories/
>>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
>>> source-release.zip.sha1
>>>
>>> # Verify the signature
>>> gpg --verify nifi-0.7.3-source-release.zip.asc
>>>
>>> # Verify the hashes (md5, sha1, sha256) match the source and what was
>>> provided in the vote email thread
>>> # NOTE: the repository does not have the
>>> nifi-0.7.3-source-release.zip.sha256 file, please find that hash in
>>> the vote email thread
>>> md5sum nifi-0.7.3-source-release.zip
>>> sha1sum nifi-0.7.3-source-release.zip
>>> sha256sum nifi-0.7.3-source-release.zip
>>>
>>> # Unzip nifi-0.7.3-source-release.zip
>>>
>>> # Verify the build works including release audit tool (RAT) checks
>>> cd nifi-0.7.3
>>> mvn clean install -Pcontrib-check
>>>
>>> # Verify the contents contain a good README, NOTICE, and LICENSE.
>>>
>>> # Verify the git commit ID is correct
>>>
>>> # Verify the RC was branched off the correct git commit ID
>>>
>>> # Look at the resulting convenience binary as found in nifi-assembly/target
>>>
>>> # Make sure the README, NOTICE, and LICENSE are present and correct
>>>
>>> # Run the resulting convenience binary and make sure it works as expected
>>>
>>> # Send a response to the vote thread indicating a +1, 0, -1 based on
>>> your findings.
>>>
>>> Thank you for your time and effort to validate the release!
>>>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Apache NiFi 0.7.3 RC1 Release Helper Guide

trkurc
Administrator
Joe, James, Mike,
I think I got confused. Do we need to get Mike's gpg public key which he
used to sign in that KEYS file, or is the key Mike put in the helper
sufficient? If it isn't sufficient, we need someone with access to svn to
add Mike, correct?

Tony

On Mon, May 15, 2017 at 4:34 PM, Michael Moser <[hidden email]> wrote:

> Yeah, I didn't have write permission to SVN
> https://dist.apache.org/repos/dist/ which I assumed was because I'm a
> committer and not on the PMC.  I've enlisted a PMC member's help to
> put the release up there if this vote passes.
>
>
> On Mon, May 15, 2017 at 3:13 PM, Joe Witt <[hidden email]> wrote:
> > just need to update that dist key file is all.  I think mike did
> > update the git entry.
> >
> > On Mon, May 15, 2017 at 3:12 PM, James Wing <[hidden email]> wrote:
> >> Michael,
> >>
> >> What's the plan for the PGP key distribution, or how do we get your key
> >> into the KEYS file?
> >>
> >> Thanks,
> >>
> >> James
> >>
> >> On Sun, May 14, 2017 at 5:36 PM, Michael Moser <[hidden email]>
> wrote:
> >>
> >>> Hello Apache NiFi community,
> >>>
> >>> Please find the associated guidance to help those interested in
> >>> validating/verifying the 0.7.3 release so they can vote.
> >>>
> >>> # Download latest KEYS file:
> >>> https://dist.apache.org/repos/dist/dev/nifi/KEYS
> >>>
> >>> # Download the key used to sign this release:
> >>> https://people.apache.org/keys/committer/mosermw.asc
> >>>
> >>> # Import keys file:
> >>> gpg --import KEYS
> >>>
> >>> # Import key used to sign this release:
> >>> gpg --import mosermw.asc
> >>>
> >>> # [optional] Clear out local maven artifact repository
> >>>
> >>> # Pull down nifi-0.7.3 source release artifacts for review:
> >>> wget https://repository.apache.org/content/repositories/
> >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> >>> source-release.zip
> >>> wget https://repository.apache.org/content/repositories/
> >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> >>> source-release.zip.asc
> >>> wget https://repository.apache.org/content/repositories/
> >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> >>> source-release.zip.md5
> >>> wget https://repository.apache.org/content/repositories/
> >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> >>> source-release.zip.sha1
> >>>
> >>> # Verify the signature
> >>> gpg --verify nifi-0.7.3-source-release.zip.asc
> >>>
> >>> # Verify the hashes (md5, sha1, sha256) match the source and what was
> >>> provided in the vote email thread
> >>> # NOTE: the repository does not have the
> >>> nifi-0.7.3-source-release.zip.sha256 file, please find that hash in
> >>> the vote email thread
> >>> md5sum nifi-0.7.3-source-release.zip
> >>> sha1sum nifi-0.7.3-source-release.zip
> >>> sha256sum nifi-0.7.3-source-release.zip
> >>>
> >>> # Unzip nifi-0.7.3-source-release.zip
> >>>
> >>> # Verify the build works including release audit tool (RAT) checks
> >>> cd nifi-0.7.3
> >>> mvn clean install -Pcontrib-check
> >>>
> >>> # Verify the contents contain a good README, NOTICE, and LICENSE.
> >>>
> >>> # Verify the git commit ID is correct
> >>>
> >>> # Verify the RC was branched off the correct git commit ID
> >>>
> >>> # Look at the resulting convenience binary as found in
> nifi-assembly/target
> >>>
> >>> # Make sure the README, NOTICE, and LICENSE are present and correct
> >>>
> >>> # Run the resulting convenience binary and make sure it works as
> expected
> >>>
> >>> # Send a response to the vote thread indicating a +1, 0, -1 based on
> >>> your findings.
> >>>
> >>> Thank you for your time and effort to validate the release!
> >>>
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Apache NiFi 0.7.3 RC1 Release Helper Guide

James Wing
I think we're good.  We need his signing key is in the KEYS file at the
time we publish the release.  It sounds like we're on track for that - his
key is checked into the git KEYS file, and someone has been enlisted to
publish the KEYS file.  I'm sorry to promote confusion, I wasn't sure what
the process for that was, or if it had been started.

Thanks,

James

On Mon, May 15, 2017 at 2:53 PM, Tony Kurc <[hidden email]> wrote:

> Joe, James, Mike,
> I think I got confused. Do we need to get Mike's gpg public key which he
> used to sign in that KEYS file, or is the key Mike put in the helper
> sufficient? If it isn't sufficient, we need someone with access to svn to
> add Mike, correct?
>
> Tony
>
> On Mon, May 15, 2017 at 4:34 PM, Michael Moser <[hidden email]> wrote:
>
> > Yeah, I didn't have write permission to SVN
> > https://dist.apache.org/repos/dist/ which I assumed was because I'm a
> > committer and not on the PMC.  I've enlisted a PMC member's help to
> > put the release up there if this vote passes.
> >
> >
> > On Mon, May 15, 2017 at 3:13 PM, Joe Witt <[hidden email]> wrote:
> > > just need to update that dist key file is all.  I think mike did
> > > update the git entry.
> > >
> > > On Mon, May 15, 2017 at 3:12 PM, James Wing <[hidden email]> wrote:
> > >> Michael,
> > >>
> > >> What's the plan for the PGP key distribution, or how do we get your
> key
> > >> into the KEYS file?
> > >>
> > >> Thanks,
> > >>
> > >> James
> > >>
> > >> On Sun, May 14, 2017 at 5:36 PM, Michael Moser <[hidden email]>
> > wrote:
> > >>
> > >>> Hello Apache NiFi community,
> > >>>
> > >>> Please find the associated guidance to help those interested in
> > >>> validating/verifying the 0.7.3 release so they can vote.
> > >>>
> > >>> # Download latest KEYS file:
> > >>> https://dist.apache.org/repos/dist/dev/nifi/KEYS
> > >>>
> > >>> # Download the key used to sign this release:
> > >>> https://people.apache.org/keys/committer/mosermw.asc
> > >>>
> > >>> # Import keys file:
> > >>> gpg --import KEYS
> > >>>
> > >>> # Import key used to sign this release:
> > >>> gpg --import mosermw.asc
> > >>>
> > >>> # [optional] Clear out local maven artifact repository
> > >>>
> > >>> # Pull down nifi-0.7.3 source release artifacts for review:
> > >>> wget https://repository.apache.org/content/repositories/
> > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> > >>> source-release.zip
> > >>> wget https://repository.apache.org/content/repositories/
> > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> > >>> source-release.zip.asc
> > >>> wget https://repository.apache.org/content/repositories/
> > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> > >>> source-release.zip.md5
> > >>> wget https://repository.apache.org/content/repositories/
> > >>> orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3-
> > >>> source-release.zip.sha1
> > >>>
> > >>> # Verify the signature
> > >>> gpg --verify nifi-0.7.3-source-release.zip.asc
> > >>>
> > >>> # Verify the hashes (md5, sha1, sha256) match the source and what was
> > >>> provided in the vote email thread
> > >>> # NOTE: the repository does not have the
> > >>> nifi-0.7.3-source-release.zip.sha256 file, please find that hash in
> > >>> the vote email thread
> > >>> md5sum nifi-0.7.3-source-release.zip
> > >>> sha1sum nifi-0.7.3-source-release.zip
> > >>> sha256sum nifi-0.7.3-source-release.zip
> > >>>
> > >>> # Unzip nifi-0.7.3-source-release.zip
> > >>>
> > >>> # Verify the build works including release audit tool (RAT) checks
> > >>> cd nifi-0.7.3
> > >>> mvn clean install -Pcontrib-check
> > >>>
> > >>> # Verify the contents contain a good README, NOTICE, and LICENSE.
> > >>>
> > >>> # Verify the git commit ID is correct
> > >>>
> > >>> # Verify the RC was branched off the correct git commit ID
> > >>>
> > >>> # Look at the resulting convenience binary as found in
> > nifi-assembly/target
> > >>>
> > >>> # Make sure the README, NOTICE, and LICENSE are present and correct
> > >>>
> > >>> # Run the resulting convenience binary and make sure it works as
> > expected
> > >>>
> > >>> # Send a response to the vote thread indicating a +1, 0, -1 based on
> > >>> your findings.
> > >>>
> > >>> Thank you for your time and effort to validate the release!
> > >>>
> >
>
Loading...