Versions Compared

Old Version 58

changes.mady.by.user Subbu Subramaniam

Saved on

compared with

New Version 59

changes.mady.by.user Xiang Fu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

  1. Prerequisite for Mac

    Code Block
    languagebash
    brew install wget
brew install gpg


  2. Set environment variables for version & release candidate number.

    Code Block
    languagebash
    VERSION=0.911.0
RC=0


  3. Download the release candidate tarballs and open the directory for the corresponding release candidate (e.g., https://dist.apache.org/repos/dist/dev/pinot/apache-pinot-0.8.0-rc0)

    Code Block
    languagebash
    mkdir rc-test
cd rc-test
wget https://dist.apache.org/repos/dist/dev/pinot/apache-pinot-$VERSION-rc$RC/apache-pinot-$VERSION-src.tar.gz
wget https://dist.apache.org/repos/dist/dev/pinot/apache-pinot-$VERSION-rc$RC/apache-pinot-$VERSION-src.tar.gz.asc
wget https://dist.apache.org/repos/dist/dev/pinot/apache-pinot-$VERSION-rc$RC/apache-pinot-$VERSION-src.tar.gz.sha512
wget https://dist.apache.org/repos/dist/dev/pinot/apache-pinot-$VERSION-rc$RC/apache-pinot-$VERSION-bin.tar.gz
wget https://dist.apache.org/repos/dist/dev/pinot/apache-pinot-$VERSION-rc$RC/apache-pinot-$VERSION-bin.tar.gz.asc
wget https://dist.apache.org/repos/dist/dev/pinot/apache-pinot-$VERSION-rc$RC/apache-pinot-$VERSION-bin.tar.gz.sha512


  4. Verify bundle name, signature & SHA512 hash

    1. Import public keys from Pinot release managers (need to do if gpg complains that there is no public key)

      Code Block
      languagebash
      wget https://dist.apache.org/repos/dist/release/pinot/KEYS
gpg --import KEYS


    2. Verify the signature (Note: You may see a WARNING that the key is not certified with a trusted signature. That is fine. See https://serverfault.com/questions/569911/how-to-verify-an-imported-gpg-key. Also, see https://gpgtools.tenderapp.com/kb/how-to/trusting-keys-and-why-this-signature-is-not-to-be-trusted#this-signature-is-not-to-be-trusted.  In order not to see the warning message, you can edit the key in your local environment (see https://www.gnupg.org/gph/en/manual/x334.html)

      Code Block
      languagebash
      gpg --verify apache-pinot-${VERSION}-bin.tar.gz.asc
gpg --verify apache-pinot-${VERSION}-src.tar.gz.asc

gpg: assuming signed data in 'apache-pinot-x.x.x-bin.tar.gz'
gpg: Signature made Tue Aug 10 13:47:08 2021 PDT
gpg:                using RSA key 6117BAEB7199AF89
gpg: Good signature from "Seunghyun Lee <snlee@apache.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: DDB6 EBD1 C9E6 ACB0 3DAF  3B44 6117 BAEB 7199 AF89


### Please note that sometimes "KEYS" file shows the short key. The example is the following:

-----END PGP PUBLIC KEY BLOCK-----
pub   4096R/7199AF89 2021-05-10
uid                  Seunghyun Lee <snlee@apache.org>
sig 3        7199AF89 2021-05-10  Seunghyun Lee <snlee@apache.org>
sub   4096R/F306596D 2021-05-10
sig          7199AF89 2021-05-10  Seunghyun Lee <snlee@apache.org>

-----BEGIN PGP PUBLIC KEY BLOCK-----



# KEYS file indicates "7199AF89" as the key while the pgp verify command shows the full key "6117BAEB7199AF89"
# In this case, please do check the last 8 digits and see if they do match.

    3. Verify hashes

      Code Block
      languagebash
      # Compare the output with *.tar.gz.sha512 file
shasum -a 512 apache-pinot-${VERSION}-bin.tar.gz
cat apache-pinot-${VERSION}-bin.tar.gz.sha512

shasum -a 512 apache-pinot-${VERSION}-src.tar.gz
cat apache-pinot-${VERSION}-src.tar.gz.sha512

  5. Open a directory for the corresponding release candidate and untar the tarball.

    Code Block
    languagebash
    tar -xzvf apache-pinot-${VERSION}-src.tar.gz
tar -xzvf apache-pinot-${VERSION}-bin.tar.gz

  6. Verify git commit hash & tag 

    1. Checking if the git commit hash provided in voting mail matches with the commit hash from the actual tag & checking if the source release matches with the git tag

      Code Block
      languagebash
      git clone -b release-${VERSION}-rc${RC} --single-branch --depth 1 https://github.com/apache/pinot.git pinot-git-src  
cd pinot-git-src

# Check git commit hash given here against the one given in the voting mail
git log
cd ..
diff -r apache-pinot-${VERSION}-src pinot-git-src

# Expected output is to only include lines starting with "Only in pinot-git-src..."
# Only in pinot-git-src: .codecov_bash
# Only in pinot-git-src: .codecov.yml
# ...

  7. Verify LICENSE, and NOTICE files are present in the extracted bundle.

  8. Verify if the source distribution can compile

    Warning

    You must build and run with JDK 11+


    Code Block
    languagebash
    cd apache-pinot-${VERSION}-src

# Build Pinot (This will run license check, compilation, but not tests. Running tests will take a few hours, you can enable it by removing -DskipTests option)
mvn clean install -Pbin-dist -DskipTests

# Add maven option -Djdk.version=8 when building with JDK 8. JDK 8 support will be deprecated in the future.
mvn clean install -Pbin-dist -DskipTests -Djdk.version=8

# Run Quick Demo
cd pinot-distribution/target/apache-pinot-${VERSION}-bin/apache-pinot-${VERSION}-bin
bin/quick-start-batch.sh

# At this point, open a web browser and go to http://localhost:9000/query and try to run some queries

  9. Verify if the binary distribution is working well with the Quick Demo

    Code Block
    languagebash
    # Run Quick Demo
cd apache-pinot-${VERSION}-bin
bin/quick-start-batch.sh

# At this point, open a web browser and go to http://localhost:9000/query and try to run some queries

...