Preparation
- Make sure you have a PGP key of at least 4096 bits in the RSA format added to the KEYS file in addition to a public PGP key server such as http://keyserver.ubuntu.com.
- Configure your
git config
user.signingKey
,user.name
, anduser.email
values to match that key.For example:
git config user.name 'Matt Sicker' git config user.email 'mattsicker@apache.org' git config user.signingKey 0x031EE010CA15D1EE
- Add your GPG and LDAP info to your
~/.m2/settings.xml
- If you haven't set a master password for Maven, run
mvn --encrypt-master-password
and choose a password. - Save this in
~/.m2/settings-security.xml
as (make sure to preserve the curly braces to indicate the password is encrypted):<settingsSecurity> <master>{encryptedPasswordHere}</master> </settingsSecurity>
- Next, encrypt your LDAP and GPG passwords using
mvn --encrypt-password
and store those inside~/.m2/settings.xml
like so (make sure to use the long form of your key id given by thegpg -K
command):<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd"> <servers> <server> <id>svn.apache.org</id> <username>myLdapId</username> <password>{myLdapPass}</password> </server> <server> <id>apache.releases.https</id> <username>myLdapId</username> <password>{myLdapPass}</password> </server> <server> <id>apache.snapshots.https</id> <username>myLdapId</username> <password>{myLdapPass}</password> </server> </servers> <!-- note that this enables the release profile by default which will gpg sign all apache artifacts during builds --> <!-- when not releasing, comment this element out or use -P!apache-release to disable the profile from the command line --> <activeProfiles> <activeProfile>apache-release</activeProfile> </activeProfiles> <profiles> <profile> <id>apache-release</id> <properties> <!-- note that these settings are only needed if you haven't configured your default key in your gpg.conf already --> <gpg.keyname>0x031EE010CA15D1EE</gpg.keyname> <!-- specify your Maven-encrypted GPG passphrase for this key if you aren't using gpg-agent --> <gpg.passphrase>{myGpgKeyPassphrase}</gpg.passphrase> </properties> </profile> </profiles> </settings>
- If you haven't set a master password for Maven, run
Release Process
- Note that since a parent pom can be easily ignored by downstream users, this release process works via lazy approval rather than the usual voting process.
- Run
mvn -Papache-release release:prepare release:perform -DreleaseVersion=n -DdevelopmentVersion=N-SNAPSHOT -Dtag=logging-parent-n
to begin the release process. - Login to https://repository.apache.org/ and find the newly created staging repository. Close it to publish said release to staging.
- Send a lazy vote email for this version to dev@logging.apache.org.
- If there are problems with this release, a new version can be released without issue.
- After the voting period, release the artifacts from Nexus.
- Create a signed tag of the passed release candidate via
git tag -s rel/n 'logging-parent-n^{}' -m 'Release n of Logging Parent POM' && git push --tags
- Send announcement email to dev@logging.apache.org.