...
- download staged artifacts. Check their signature and hashes.
mkdir checkrelease
cd releasecheck
wget -r -nH --cut-dirs=100 --no-parent https://dist.apache.org/repos/dist/dev/incubator/nuttx/9.0.0-RC0
- [RM] verify the reported signature ("gpg: Good signature from ...")
gpg --verify apache-nuttx-9.0.0-incubating.tar.gz.asc apache-nuttx-9.0.0-incubating.tar.gz
gpg --verify apache-nuttx-apps-9.0.0-incubating.tar.gz.asc apache-nuttx-apps-9.0.0-incubating.tar.gz
- [RM] verify the reported hashes:
sha512sum -c apache-nuttx-9.0.0-incubating.tar.gz.sha512
- sha512sum -c apache-nuttx-apps-9.0.0-incubating.tar.gz.sha512
- extract src bundle
tar -xf apache-nuttx-9.0.0-incubating.tar.gz
tar -xf apache-nuttx-apps-9.0.0-incubating.tar.gz
- verify the existence of LICENSE, NOTICE, README.txtmd, DISCLAIMER-WIP files in the extracted source bundle in BOTH apps and nuttx
- [RM] verify the staged source ReleaseNotes file in nuttx correspond the current release
- [RM] verify the staged source .version file in nuttx correspond the current release
- WIP for future releases! Run RAT on the extracted source
- Built Targets
cd nuttx
- build from directions in README.txt for a target that you have
- sim target is OK if you do not have hardware, but please try multiple OS if possible (especially Windows and MacOS)
- Some targets are built as part of CI, but do not have functional testing so these are valuable as well
- [RM] WIP for future releases! review target/rat.txt (though the build should fail if RAT constraints aren't met)
...