...
Introduction
Thanks for your interest in helping to vote on a release candidate. First it is a good idea to review http://nifi.apache.org/release-guide.html. This page provides important background material to understand the mechanics and meaning of a release. It explains how things like +1, -1, 0, binding, and non binding votes work. With the above in mind lets dive right into the main steps in reviewing a release candidate of Apache NiFi (note the steps for NiFi Registry, MiNiFi, etc.. may differ).
Please find the associated guidance to help those interested in validating/verifying the release so they can vote.# Download latest KEYS file:!
Please review the Project Release Guide for details on the release process and procedures associated with voting.
Prerequisites
Download OpenPGP Keys for Signature Verification
wget https://dist.apache.org/repos/dist/dev/nifi/KEYS
# Import keys file:
wget for Windows can be found here.
Import OpenPGP Keys
gpg --import KEYS
On Windows cmder includes gpg.
#
[
...
Optional] Clear
...
Local Maven Artifact Repository
rm -rf ~/.m2/repository/*
# Pull down nifi-1.11.4 source release artifacts for review:
Verification Steps
Download Source Release Files
export VERSION=2.0.0-M4
wget wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.11.4$VERSION/nifi-1.11.4$VERSION-source-release.zip
#
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.11.4$VERSION/nifi-1.11.4$VERSION-source-release.zip.asc
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.11.4$VERSION/nifi-1.11.4$VERSION-source-release.zip.sha256
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.11.4$VERSION/nifi-1.11.4$VERSION-source-release.zip.sha512
Verify
...
OpenPGP Signatures
gpg --verify -v nifi-1.11.4$VERSION-source-release.zip.asc
# Verify the hashes (sha256, sha512) match the source and what was provided in the vote email thread
Verify Hashes Match Source Release Files and Vote Email Thread
Run the following commands on Linux or macOS:
shasum -a 256 nifi-1.11.4$VERSION-source-release.zip
shasum -a 512 nifi-1.11.4$VERSION-source-release.zip
Run the following commands on Windows:
certutil -hashfile nifi-$VERSION-source-release.zip SHA256
# Unzip certutil -hashfile nifi-
1.11.4$VERSION-source-release.zip SHA512
Extract Source Release Files
unzip -DD nifi-1.11.4$VERSION-source-release.zip
Verify Maven Build with Licensing and Style Checks
Use Maven Wrapper to build using the currently configured Maven version. The Maven Wrapper script is named mvnw for Linux and macOS, and mvnw.cmd for Windows.
cd nifi-$VERSION
On Linux or macOS
./mvnw -T 1C clean install -Pcontrib-check
On Windows
mvnw.cmd
# Verify the build works including release audit tool (RAT) checkscd nifi-1.11.4
mvn -T 1C clean install -Pcontrib-check,include-grpc
#
Verify Additional Source and Build Artifacts
- Verify the contents contain a good README, NOTICE, and LICENSE
...
...
- Verify the git commit ID is correct
...
- Verify the RC was branched off the correct git commit ID
...
- Look at the resulting convenience
...
- binaries as found in:
- nifi-assembly/target
- nifi-registry/nifi-registry-assembly/target
- nifi-toolkit/nifi-toolkit-assembly/target
- minifi/minifi-assembly/target
- Run the resulting convenience binaries
Send Response to Vote Thread
The team welcomes participation in the release verification process! Project Management Committee members can cast binding votes. All other committers and contributors can cast non-binding votes.
# Make sure the README, NOTICE, and LICENSE are present and correct
# Run the resulting convenience binary and make sure it works as expected
# Send a response to the vote thread indicating a +1, 0, -1 based on your findings.
Thank you for your time and effort to validate the release!