svn commit: r1869121 - in /nifi/site/trunk: people.html release-guide.html

Tue, 29 Oct 2019 11:09:08 -0700 

Author: joewitt
Date: Tue Oct 29 18:08:40 2019
New Revision: 1869121

URL: http://svn.apache.org/viewvc?rev=1869121&view=rev
Log:
NIFI-6733 updating release guidance

Modified:
    nifi/site/trunk/people.html
    nifi/site/trunk/release-guide.html

Modified: nifi/site/trunk/people.html
URL: 
http://svn.apache.org/viewvc/nifi/site/trunk/people.html?rev=1869121&r1=1869120&r2=1869121&view=diff
==============================================================================
--- nifi/site/trunk/people.html (original)
+++ nifi/site/trunk/people.html Tue Oct 29 18:08:40 2019
@@ -373,6 +373,11 @@
         <td>Rob Fellows</td>
         <td></td>
     </tr>
+    <tr>
+        <td>turcsanyi</td>
+        <td>Peter Turcsanyi</td>
+        <td></td>
+    </tr>
 </table>
 </div>
 </div>

Modified: nifi/site/trunk/release-guide.html
URL: 
http://svn.apache.org/viewvc/nifi/site/trunk/release-guide.html?rev=1869121&r1=1869120&r2=1869121&view=diff
==============================================================================
--- nifi/site/trunk/release-guide.html (original)
+++ nifi/site/trunk/release-guide.html Tue Oct 29 18:08:40 2019
@@ -202,7 +202,7 @@ present at the root of the archive.</li>
 <li>Does the overall LICENSE and NOTICE appear correct?</li>
 <li>Do all licenses fit within the ASF approved licenses?</li>
 <li>Here is an example path to a sources artifact that has been prepared but 
not released:<br>
-<code>https://repository.apache.org/content/repositories/${STAGING_REPO_ID}/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip</code></li>
+<code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip</code></li>
 </ul></li>
 <li>Is there a README available that explains how to build the application and 
to execute it?
 <ul>
@@ -211,10 +211,10 @@ present at the root of the archive.</li>
 <li>Are the signatures and hashes correct for the source release?
 <ul>
 <li>Validate the hashes of the sources artifact do in fact match:<br>
-<code>https://repository.apache.org/content/repositories/${STAGING_REPO_ID}/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.sha256</code><br>
-<code>https://repository.apache.org/content/repositories/${STAGING_REPO_ID}/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.sha512</code></li>
+<code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.sha256</code><br>
+<code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.sha512</code></li>
 <li>Validate the signature of the source artifact.  Here is an example 
path:<br>
-<code>https://repository.apache.org/content/repositories/${STAGING_REPO_ID}/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.asc</code></li>
+<code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.asc</code></li>
 <li>Need a quick reminder on how to <a 
href="https://www.apache.org/dev/release-signing.html#verifying-signature";>verify
 a signature</a>?</li>
 </ul></li>
 <li>Do all sources have necessary headers?
@@ -343,7 +343,9 @@ login with your Apache committer credent
 click on that you can inspect the various staged artifacts.</p></li>
 <li><p>Validate that all the various aspects of the staged artifacts appear 
correct</p>
 <ul>
-<li>Download the sources.  Do they compile cleanly?  If the result is a build 
does it execute?</li>
+<li>Download the sources and signature at the following URL. Do they compile 
cleanly?  If the result is a build does it execute?  We download the sources 
and signature from the nexus artifacts so that these sources and signature 
match what we put in dist and thus all signatures and such match.  If you pull 
the sources from your local build it will differ and can create confusion 
during RC validation.  These are the first two primary artifacts you need for 
the voting (the sources and the signature).  You'll gather other artifacts and 
signatures and generate hashes below.<br>
+<code>wget 
https://repository.apache.org/service/local/repositories/orgapachenifi-nnnn/content/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip</code><br>
+<code>wget 
https://repository.apache.org/service/local/repositories/orgapachenifi-nnnn/content/org/apache/nifi/nifi/${NIFI_VERSION}/nifi-${NIFI_VERSION}-source-release.zip.asc</code></li>
 <li>Validate the hashes match.</li>
 <li>Validate that the sources contain no unexpected binaries.</li>
 <li>Validate the signature for the build and hashes. <a 
href="https://nifi.apache.org/gpg.html#verifying-a-release-signature";>Verifying 
a release signature</a>.</li>
@@ -357,11 +359,10 @@ click on that you can inspect the variou
 <li><p>Push the tag created by the release:prepare step to the ASF 
repository.</p>
 <pre><code>git push asf nifi-${NIFI_VERSION}-RC${RC}
 </code></pre></li>
-<li><p>Create the signature and hashes for the source release and convenience 
binary files.</p>
+<li><p>Create the signature and hashes for the source release and convenience 
binary files.  You take the source release and signature from steps above.  You 
grab the other conveniece binaries from your local build directories.</p>
 <ol>
 <li>ASCII armored GPG signatures (<code>--digest-algo=SHA512</code> select the 
SHA512 hash algorithm). <a 
href="https://www.apache.org/dev/openpgp.html#key-gen-avoid-sha1";>Configure GPG 
to always prefer stronger hashes</a>.
-<pre><code>$ gpg -a -b --digest-algo=SHA512 
nifi-${NIFI_VERSION}-source-release.zip  # produces 
nifi-${NIFI_VERSION}-source-release.zip.asc
-$ gpg -a -b --digest-algo=SHA512 nifi-${NIFI_VERSION}-bin.tar.gz          # 
produces nifi-${NIFI_VERSION}-bin.tar.gz.asc
+<pre><code>$ gpg -a -b --digest-algo=SHA512 nifi-${NIFI_VERSION}-bin.tar.gz    
      # produces nifi-${NIFI_VERSION}-bin.tar.gz.asc
 $ gpg -a -b --digest-algo=SHA512 nifi-${NIFI_VERSION}-bin.zip             # 
produces nifi-${NIFI_VERSION}-bin.zip.asc
 $ gpg -a -b --digest-algo=SHA512 nifi-toolkit-${NIFI_VERSION}-bin.zip     # 
produces nifi-toolkit-${NIFI_VERSION}-bin.zip.asc
 $ gpg -a -b --digest-algo=SHA512 nifi-toolkit-${NIFI_VERSION}-bin.tar.gz  # 
produces nifi-toolkit-${NIFI_VERSION}-bin.tar.gz.asc
@@ -382,7 +383,7 @@ $ shasum -a 512 nifi-toolkit-${NIFI_VERS
 </code></pre></li>
 </ol></li>
 <li><p>For reviewing of the release candidate, commit the source release and 
convenience binaries files along with their<br>
-hashes and signatures to 
<code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}</code>.</p></li>
+hashes and signatures to 
<code>https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}</code>. 
There should be in total 20 files (5 primary artifacts, 5 signatures, 5 sha256, 
5 sha512).</p></li>
 </ol>
 <h3>Step 4. Error recovery (RM)</h3>
 <p>If anything isn't correct about the staged artifacts you can drop the 
staged repo from repository.apache.org and delete<br>
@@ -413,6 +414,9 @@ I am pleased to be calling this vote for
 The source zip, including signatures, digests, etc. can be found at:
 https://repository.apache.org/content/repositories/orgapachenifi-nnnn
 
+The source being voted upon and the convenience binaries can be found at:
+https://dist.apache.org/repos/dist/dev/nifi/nifi-${NIFI_VERSION}/
+
 The Git tag is nifi-${NIFI_VERSION}-RC${RC}
 The Git commit ID is ${RC_TAG_COMMIT_ID}
 https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=${RC_TAG_COMMIT_ID}

Reply via email to