...
Thanks for your interest in helping to vote on a release candidate. First it is a good idea to review http://nifi.apache.org/release-guide.html. This page provides important background material to understand the mechanics and meaning of a release. It explains how things like +1, -1, 0, binding, and non binding votes work. With the above in mind lets dive right into the main steps in reviewing a release candidate of Apache NiFi (note the steps for NiFi Registry, MiNiFi, etc.. may differ).
Please find the associated guidance to help those interested in validating/verifying the release so they can vote.#
Download latest KEYS file
...
wget https://dist.apache.org/repos/dist/dev/nifi/KEYS
#
wget for Windows can be found here.
Import keys file
...
gpg --import KEYS
On Windows cmder included gpg.
#
[optional] Clear out local maven artifact repository
rm -rf ~/.m2/repository/*
#
Pull down nifi-1.16.2 source release artifacts for review
...
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.16.2/nifi-1.16.2-source-release.zip
#
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.16.2/nifi-1.16.2-source-release.zip.asc
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.16.2/nifi-1.16.2-source-release.zip.sha256
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.16.2/nifi-1.16.2-source-release.zip.sha512
Verify the signature
gpg --verify -v nifi-1.16.2-source-release.zip.asc
#
Verify the hashes (sha256, sha512) match the source and what was provided in the vote email thread
shasum -a 256 nifi-1.16.2-source-release.zip
shasum -a 512 nifi-1.16.2-source-release.zip
#
On Windowscertutil -hashfile nifi-1.16.2-source-release.zip SHA256
certutil -hashfile nifi-1.16.2-source-release.zip SHA512
Unzip nifi-1.16.2-source-release.zip
unzip nifi-1.16.2-source-release.zip
#
Verify the build works including release audit tool (RAT) checks
cd nifi-1.16.2
mvn -T 1C clean install -Pcontrib-check,include-grpc
#
Further checks:
- Verify the contents contain a good README, NOTICE, and LICENSE.
...
- Verify the git commit ID is correct
...
- Verify the RC was branched off the correct git commit ID
...
- Look at the resulting convenience binary as found in nifi-assembly/target
...
- Make sure the README, NOTICE, and LICENSE are present and correct
...
- Run the resulting convenience binary and make sure it works as expected
...
- Send a response to the vote thread indicating a +1, 0, -1 based on your findings.
Thank you for your time and effort to validate the release!