In honor of RC13 here is another update which includes the links for RC13. +1 to Bryan Bende for actually reading step #24 from the original email.
--- For those interested in helping with build verification but not quite sure of the steps here is a fairly detailed explanation of what I've done to verify the build. 0) Import latest KEYS file so i get all the public keys. 0a) Pull KEYs file: https://dist.apache.org/repos/dist/release/incubator/nifi/KEYS 0b) Import keys file: gpg --import KEYS 1) Clear out my local maven artifact repository to get rid of everything under org/apache/nifi 2) Pull down nifi-parent items for review: https://repository.apache.org/content/repositories/orgapachenifi-1049/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip https://repository.apache.org/content/repositories/orgapachenifi-1049/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip.asc https://repository.apache.org/content/repositories/orgapachenifi-1049/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip.md5 https://repository.apache.org/content/repositories/orgapachenifi-1049/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip.sha1 2a) Verify the signature gpg --verify nifi-parent-1.0.0-incubating-source-release.zip.asc nifi-parent-1.0.0-incubating-source-release.zip Note: While the key reports as good I see a warning about it not being a trusted signature. That is because Mark isn't in my ring of trust. Noted. Can keep going forward. 3) Verify the hashes (md5 and sha1) match the source artifact and email sha1sum nifi-parent-1.0.0-incubating-source-release.zip md5sum nifi-parent-1.0.0-incubating-source-release.zip Note: The results I get match the downloaded file content and Mark's email. 4) Unzip the nifi-parent-1.0.0-incubating-source-release.zip 5) Verify the contents include a good readme, LICENSE, NOTICE, and DISCLAIMER 6) Verify that the build works. Did this by running mvn clean install -Pcontrib-check 7) Verify the git commit ID is correct and points to the same source we're looking at for nifi-parent 8) Pull down nifi-nar-maven-plugin items for review: https://repository.apache.org/content/repositories/orgapachenifi-1050/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip https://repository.apache.org/content/repositories/orgapachenifi-1050/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.asc https://repository.apache.org/content/repositories/orgapachenifi-1050/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.md5 https://repository.apache.org/content/repositories/orgapachenifi-1050/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.sha1 9) Verify the signature gpg --verify nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.asc nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip 10) Verify the hashes (md5 and sha1) match the source artifact and mark's email 11) Unzip the nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip 12) Verify the build works. Did this by running mvn clean install -Pcontrib-check 13) Verify the contents contain a good readme, LICENSE, NOTICE, DISCLAIMER 14) Verify the git commid id is correct 15) Pull down nifi-0.1.0 items for review: https://repository.apache.org/content/repositories/orgapachenifi-1051/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip https://repository.apache.org/content/repositories/orgapachenifi-1051/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip.asc https://repository.apache.org/content/repositories/orgapachenifi-1051/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip.md5 https://repository.apache.org/content/repositories/orgapachenifi-1051/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip.sha1 16) Verify the signature gpg --verify nifi-0.1.0-incubating-source-release.zip.asc nifi-0.1.0-incubating-source-release.zip 17) Verify the hashes (md5 and sha1) match the source and mark's email 18) Unzip nifi-0.1.0-incubating-source-release.zip 19) Verify the build works. Did this by running the following which includes the RAT/license/header checks and checkstyle consistency checks mvn clean install -Pcontrib-check 19) Verify the contents contain a good readme LICENSE, NOTICE, DISCLAIMER 20) Verify the git commit ID is correct 21) Look at the resulting convenience binary as found in nifi-assembly/target/nifi-0.1.0-incubating-bin/nifi-0.1.0-incubating/ Make sure the README, LICENSE, NOTICE, DISCLAIMER are present and correct 22) Run the resulting convenience binary. Make sure it works as expected. Dataflows can be setup, etc.. 23) Send a response to the vote indicating a +1. Also indicate whether the vote is binding or not. Basically if you're an IPMC member it is binding. If you are simply PPMC or a contributor it is non-binding. However, whether it is binding or not the vote is appreciated as all of it helps ensure quality of the release and engages the community. On Wed, May 6, 2015 at 1:43 PM, Joe Witt <[email protected]> wrote: > All, > > Mark just put out the release vote for nifi 0.1.0 release which is a > really exciting release as it contains a lot of bug fixes, new > features, and includes code contributions from more than a dozen > people. Very cool. > > I wanted to put this guidance out there to help people who may be > interested in learning the process of reviewing a release. If you're > interested in parts of it, think it needs to be done differently, or > have questions please fire away. > > *** > > 0) Import latest KEYS file so i get all the public keys. > > 0a) Pull KEYs file: > https://dist.apache.org/repos/dist/release/incubator/nifi/KEYS > > 0b) Import keys file: > gpg --import KEYS > > > 1) Clear out my local maven artifact repository to get rid of > everything under org/apache/nifi > > 2) Pull down nifi-parent items for review: > https://repository.apache.org/content/repositories/orgapachenifi-1046/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip > https://repository.apache.org/content/repositories/orgapachenifi-1046/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip.asc > https://repository.apache.org/content/repositories/orgapachenifi-1046/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip.md5 > https://repository.apache.org/content/repositories/orgapachenifi-1046/org/apache/nifi/nifi-parent/1.0.0-incubating/nifi-parent-1.0.0-incubating-source-release.zip.sha1 > > 2a) Verify the signature > gpg --verify nifi-parent-1.0.0-incubating-source-release.zip.asc > nifi-parent-1.0.0-incubating-source-release.zip > > Note: While the key reports as good I see a warning about it not being > a trusted signature. That is because Mark isn't in my ring of trust. > Noted. Can keep going forward. > > 3) Verify the hashes (md5 and sha1) match the source artifact and email > sha1sum nifi-parent-1.0.0-incubating-source-release.zip > md5sum nifi-parent-1.0.0-incubating-source-release.zip > > Note: The results I get match the downloaded file content and Mark's email. > > 4) Unzip the nifi-parent-1.0.0-incubating-source-release.zip > > 5) Verify the contents include a good readme, LICENSE, NOTICE, and DISCLAIMER > > 6) Verify that the build works. Did this by running > mvn clean install -Pcontrib-check > > 7) Verify the git commit ID is correct and points to the same source > we're looking at for nifi-parent > > 8) Pull down nifi-nar-maven-plugin items for review: > https://repository.apache.org/content/repositories/orgapachenifi-1047/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip > https://repository.apache.org/content/repositories/orgapachenifi-1047/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.asc > https://repository.apache.org/content/repositories/orgapachenifi-1047/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.md5 > https://repository.apache.org/content/repositories/orgapachenifi-1047/org/apache/nifi/nifi-nar-maven-plugin/1.0.1-incubating/nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.sha1 > > 9) Verify the signature > gpg --verify nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip.asc > nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip > > 10) Verify the hashes (md5 and sha1) match the source artifact and mark's > email > > 11) Unzip the nifi-nar-maven-plugin-1.0.1-incubating-source-release.zip > > 12) Verify the build works. Did this by running > mvn clean install -Pcontrib-check > > 13) Verify the contents contain a good readme, LICENSE, NOTICE, DISCLAIMER > > 14) Verify the git commid id is correct > > 15) Pull down nifi-0.1.0 items for review: > https://repository.apache.org/content/repositories/orgapachenifi-1048/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip > https://repository.apache.org/content/repositories/orgapachenifi-1048/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip.asc > https://repository.apache.org/content/repositories/orgapachenifi-1048/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip.md5 > https://repository.apache.org/content/repositories/orgapachenifi-1048/org/apache/nifi/nifi/0.1.0-incubating/nifi-0.1.0-incubating-source-release.zip.sha1 > > 16) Verify the signature > gpg --verify nifi-0.1.0-incubating-source-release.zip.asc > nifi-0.1.0-incubating-source-release.zip > > 17) Verify the hashes (md5 and sha1) match the source and mark's email > > 18) Unzip nifi-0.1.0-incubating-source-release.zip > > 19) Verify the build works. Did this by running the following which > includes the RAT/license/header checks and checkstyle consistency > checks > mvn clean install -Pcontrib-check > > 19) Verify the contents contain a good readme LICENSE, NOTICE, DISCLAIMER > > 20) Verify the git commit ID is correct > > 21) Look at the resulting convenience binary as found in > nifi-assembly/target/nifi-0.1.0-incubating-bin/nifi-0.1.0-incubating/ > Make sure the README, LICENSE, NOTICE, DISCLAIMER are present and > correct > > 22) Run the resulting convenience binary. Make sure it works as > expected. Dataflows can be setup, etc.. > > 23) Send a response to the vote indicating a +1. Also indicate > whether the vote is binding or not. Basically if you're an IPMC > member it is binding. If you are simply PPMC or a contributor it is > non-binding. However, whether it is binding or not the vote is > appreciated as all of it helps ensure quality of the release and > engages the community. > > 24) Dance in streets or high-five the person closest to you. > > *** > > > Thanks > Joe
