In order to make DataLab release that follow apache policy we should make sure that:

  • Source code can be compiled;
  • Unit/Integration tests are passed;
  • Apache copyright header is present in almost all files. Header can be missed in files that does not support comments: e.g. json, txt, md etc;
  • There is not compiled code in sources;

NOTE:
Get rid of a folder integration-tests from release branch. The folder should be in develop branch, but not in release one.

After such sanity checks are done: 

  1. Create branch and tag for RC

  2. Create archive for sources: 

    git archive --format tar --output ${output_path} ${branch_name}


  3. Generate gpg key (if was not generated before): 

    gpg --gen-key


  4. Send key to server (if was not sent before): 

    gpg --send-key ${your_key_id}

  5. Edit id.apache.org - update your key fingerprint

  6. Sign release package (tar/zip archive): 

    gpg -u ${your_key_id} --armor --output ${output_file_name} --detach-sig ${path_to_archive}


  7. Create sha512 key for release package: 

    gpg --print-md SHA512 ${path_to_archive} > ${path_to_archive}.sha512

8. 'This is a pre-release' option should be checked off in Github

9. Upload signed RC to https://dist.apache.org/repos/dist/dev/incubator/datalab (svn repo).

Before starting a vote process it is supposed to check (Data QA's responsibility):

  • Download links (in vote email)
  • Checksums and PGP signatures
  • DISCLAIMER
  • LICENSE and NOTICE files exist
  • Correct year in NOTICE file
  • Source code artifacts have correct names matching the current release
  • Incubating is present in artifact name
  • All files have license headers if necessary
  • No compiled archives bundled in source archive
  • Check if there is any extra files or folders, empty folders for example

Signing the key (Data QA's responsibility)

Sign a key (https://downloads.apache.org/incubator/datalab/KEYS) if he is not signed before

1. List the keys currently in your keyring: 

gpg --list-keys

2. To sign PPMC's key, so pull it into your keyring: 

gpg --recv-keys <2AD3FAE3>

If PPMC's key is already in your keyring, it's a good idea to pull it again, so that your keyring is up to date.

If the default keyserver (keys.gnupg.net) is not responsive, use the MIT or Ubuntu

gpg --keyserver pgp.mit.edu --recv-keys <2AD3FAE3>
or 
gpg --keyserver keyserver.ubuntu.com --recv-keys <2AD3FAE3>

3. Sign PPMC's key: 

gpg --sign-key <2AD3FAE3>

4. send the signed key to the keyserver

gpg --send-keys <2AD3FAE3>
gpg --keyserver pgp.mit.edu --send-keys <2AD3FAE3>
gpg --keyserver keyserver.ubuntu.com --send-keys <2AD3FAE3>

5. The keyserver will merge our signature with those available for PPMC's key. Wait a few moments for the merging to complete and check that everything worked by visiting the following:

https://keyserver.ubuntu.com/pks/lookup?search=0xDDB6E9812AD3FAE3&op=vindex
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xDDB6E9812AD3FAE3
https://keyserver.ntzwrk.org/pks/lookup?op=vindex&fingerprint=on&search=0xDDB6E9812AD3FAE3

where 0xDDB6E9812AD3FAE PPMC's key data

If you can see your signature for PPMC's key on all those servers, so that means his key was signed correctly.

VERIFYING A SIGNATURE (Data QA's responsibility)

Source

Download data from 'release candidate' link which is in vote email.

gpg --verify apache-dlab-2.3.0-incubating.tar.gz.asc.txt apache-dlab-2.3.0-incubating.tar.gz

Signature is valid, if gpg verifies the .asc as a good signature, and doesn't complain about expired or revoked keys:

gpg --verify --status-fd 1 apache-dlab-2.3.0-incubating.tar.gz.asc.txt apache-dlab-2.3.0-incubating.tar.gz

Should classify the .asc as a GOODSIG:

Check the integrity of a release (Data QA's responsibility)

gpg --print-md SHA512 apache-dlab-2.3.0-incubating.tar.gz > apache-dlab-2.3.0-incubating.tar.gz.sha512
cat apache-dlab-2.3.0-incubating.tar.gz.sha512
cat apache-dlab-2.3.0-incubating.tar.gz.sha512.txt

And compare outputs. They should be identical.

Vote process

  1. Create voting mail thread for release on dev@dlab.apache.org with subject [VOTE]: Release Apache DataLab (incubating) VERSIONhttps://lists.apache.org/thread.html/9fd53b487701557362d60e962986aa3fd8c1eb438b25d5cc17665dff@%3Cdev.dlab.apache.org%3E can be used as mail template. After mail is sent we should wait for approving release from community. (At lease 1 mentor should approve release)

  2. If voting is positive then result mail thread should be created on dev@datalab.apache.org with subject [VOTE][RESULT]: Release Apache DataLab (incubating) VERSION. Email should contain summary of voting. (e.g. https://lists.apache.org/thread.html/2adb88790037bef3cce513c6e28db8b2e75749de78856aef4f3568a8@%3Cdev.dlab.apache.org%3E).

NOTE:

  1. In vote dev@datalab.apache.org/general@incubator.apeche.org for key url use the follow link https://downloads.apache.org/incubator/datalab/KEYS (e.g. https://lists.apache.org/thread/3bt93zt2fnpm2gtopzv9jx677vj2cjvg).
  2. To change https://downloads.apache.org/incubator/datalab/ you need to fill in via svn at https://dist.apache.org/repos/dist/release/incubator/datalab/ 

After all step above are done voting should be moved to general@incubator.apeche.org and should be opened at least 72 hours. (e.g. https://lists.apache.org/thread.html/550b40cf7951254cc8f02c54b8704b51b92ffec0562cc280d4c94f70@%3Cgeneral.incubator.apache.org%3E). Voting is treated as positive if approve was got from at least 3 IPMC members and no negative votes present. After release is approved new mail should be sent to general@incubator.apeche.org with subject [VOTE][RESULT]: Release Apache DataLab (incubating) VERSION that contains results of voting. Next step is to move RC to release location https://dist.apache.org/repos/dist/release/incubator/datalab/ and create release on https://github.com/apache/incubator-datalab.

  • No labels