...
Before starting the process, you need to ensure several things before proceed to create a release.
- You need to have clone the latest pinot code base in your local machine
- You need to ensure that you have the access to Apache Repository Manager. Try to log in with Apache LDAP credential.
You need to check out Apache staging & release distribution directories for Pinot.
Code Block language bash svn co https://dist.apache.org/repos/dist/release/incubator/pinot pinot-release-dist svn co https://dist.apache.org/repos/dist/dev/incubator/pinot pinot-dev-dist
https://dist.apache.org/repos/dist/release/incubator/pinot: this is where the actual release (PMC approved) will be placed. Do not upload anything here until voting from both dev@pinot and general@incubator pass.
- https://dist.apache.org/repos/dist/dev/incubator/pinot: this is where we put the release candidates and link for this will be used for reference during the voting process.
GPG
...
Key Setup
The release manager must hold a GPG key for signing the release artifacts. GPG key has to be associated with the apache email address. One can create the GPG by using the following cmd. Note that the key length should be 4096 bits. Please refer to the example below:
| Code Block | ||
|---|---|---|
| ||
$ gpg2 --full-generate-key
gpg (GnuPG) 2.1.22; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
...
gpg: key 2C9B34D6A54AAFAE marked as ultimately trusted
... |
After you generate the GPG key, copy the key. "gpg:
...
key 2C9B34D6A54AAFAE marked as ultimately trusted" (From here, I will use $GPG_KEY).
| Code Block | ||
|---|---|---|
| ||
$ GPG_KEY=<your_gpg_key> # fill in your key |
Once you generate the gpg key, you need to go through the following steps:
Upload GPG public key to a public key server. Copy the following command's output to "Submit a key" box and click the submit button. http://pgp.mit.edu
Code Block language bash $ gpg --export --armor $GPG_KEY -----BEGIN PGP PUBLIC KEY BLOCK----- ... -----END PGP PUBLIC KEY BLOCK-----Update key fingerprint at https://id.apache.org
Code Block language bash $ gpg --fingerprint $GPG_KEYCopy the hex numbers (e.g. "0D9E 9997 4D5A 59F1 7183 362F 2C9B 34D6 A54A AFAE") to "OpenPGP Public Key Primary Fingerprint" box and submit the change.
Update KEYS file under pinot-release-dist
Code Block language bash $ cd pinot-release-dist # Append the public key to KEYS file gpg --list-sigs $GPG_KEY && gpg --armor --export $GPG_KEY >> KEYS... # Commit the change svn commit -m "Update Pinot KEYS file for $GPG_KEY"
After following 1-3, you should have the following:
- Your public key is listed in https://dist.apache.org/repos/dist/release/incubator/pinot/KEYS
- Your public key is viewable at https://people.apache.org/keys/committer/<apache_ldap_id>.asc (e.g. https://people.apache.org/keys/committer/snlee.asc)
- Your public key is viewable at https://people.apache.org/keys/group/pinot.asc
Maven Setup
...
Reference
- http://plc4x.apache.org/developers/release.html
- https://cwiki.apache.org/confluence/display/GOBBLIN/Release+Process
...