Versions Compared

Old Version 58

changes.mady.by.user Steve Varnau

Saved on

compared with

New Version 59

changes.mady.by.user Steve Varnau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 

Please remember to store your private key in a secure place.

Code Block
languagebash
titleExample: Create PGP Key
gpg --gen-key   (verify that sha1 is avoided (last on list - see above web site)
gpg -k  (shows public key)
gpg -K (shows private key)

Upload Public Key

Upload your public key to a public key server. We recommend using https://pgp.mit.edu/.

Code Block
languagebash
titleExample: Upload Public Key
gpg --send-keys <keyID> --keyserver pgp.mit.edu

Generate Revocation Certificate

Create a revocation certification using the instructions at: http://www.apache.org/dev/openpgp.html==revocation-certs.

 

Please remember to store it in a secure place separate from your PGP keys.

Code Block
languagebash
titleExample: Generate Revocation Certificate
gpg --output revoke-<keyID>.asc --armor --gen-revoke <keyID>

Add PGP to KEYS File

Do the following:

Code Block
languagebash
titleExample: Add PGP to KEYS File
svn co https://dist.apache.org/repos/dist/release/trafodion traf_release
cd traf_release
gpg --list-sigs <keyID> >> KEYS
gpg  --armor --export <keyID> >> KEYS
svn commit -m "added new public key to KEYS file"
 
Now do the same steps above  for the dev repository too : https://dist.apache.org/repos/dist/dev/trafodion

Get Your Key Signed

Link into the "Web of Trust" by having someone else sign your key. 

You can sign other people's keys, but you must verify their identity in person and make sure the key fingerprint matches. See ASF guide for more info.

Prepare For Release

Prepare New Release

  1. Send a message out to the community indicating that a new release is being planned. In this message, indicate what is planned for the release and when the release is scheduled.
  2. Give contributors enough time to assimilate this information so they can make plans to deliver their changes. Recommend giving the community several weeks notice.
  3. Review open issues and planned features; determine what Jiras should be included in the release.

Verify Release Requirements

You need to ensure that:

  • NOTICE and LICENSE files exist in the top level directory which includes all third party licenses used in the product. Please refer to: http://www.apache.org/dev/licensing-howto.html.
  • A README file exists and is up to date in the top level directory describing the release.
  • The source release contains source code only, no binaries.
  • The provenance of all source files is clear.
  • All source files have Apache license headers, where possible. Where not possible, then the exceptions are written up in the RAT_README file located in the top level directory.
  • RAT report is clean.
  • Copyright dates are current.
  • Build instructions are provided and can be run successfully.
  • Test instructions are provided and can be run successfully.

Create Release Branch

Prior to releasing, send a message to the community indicating that a new release is imminent and that a new branch will be created to build the artifacts.

Code Block
languagebash
git branch release2.0 apache/master
git push apache release2.0:release2.0

 

Make sure that check-in automated testing is set up for new release.

After the new release branch is created, send another message to the community indicating that the branch is available and the deliveries will be monitored. Allow deliveries on the main branch to continue.

It is now time to change the release number on the master branch to the next release number, to avoid confusion with the release branch.

From this time on, until the release is finished, use the release branch to update the project web site. Changes to the documentation and web site made on the master branch won't be visible during this time. The "Documentation" page will still show the new release as "in development".

Create Release Notes

Find someone to pull together release notes to summarize content of the release. A starting point is the automated JIRA release notes. Go the project overview, select the release, and use the "Release Notes" button to get a link to the list.

For the RC votes, a link to JIRA is okay, but meanwhile, the markdown page to be posted on the website(http://trafodion.apache.org/release-notes.html) should be prepared and be posted to the site by the time the release announcement is due.

Updates to the release download page also need to be prepared. http://trafodion.apache.org/download.html

Guidelines are available: http://www.apache.org/dev/release-download-pages

Create a Release Candidate

Verify that all required changes have been delivered.

Create Artifacts

Trafodion uses git as its repository. When a new version is created, mark the repository with the tag to make sure it source tar can be recreated.

Clone Trafodion Repository to a fresh workspace

 

# Move to the directory where you want to install the Trafodion source code.
cd mysource
 
# Clone the Trafodion source code
git clone git://git.apache.org/trafodion.git
 

 

Ensure that you have a remote pointing to the Apache repository. USERNAME is your apache username. 

 

git remote add apache https://USERNAME@git-wip-us.apache.org/repos/asf/trafodion.git
git fetch apache

 

Create Tag

Code Block
languagebash
titleExample: Release x.x.x and release candidate 1 (rc1)
git tag -a x.x.xrc1 apache/<releaseX.X>
git show x.x.xrc1
git push apache tag x.x.xrc1
git checkout x.x.xrc1
source env.sh
make package-src

Once completed, a new source tar file exist in the distribution directory. 

Binary Artifacts

The convenience binary artifacts should be built from the source tar file, not from a git workspace. Best to create the build in a nice clean environment per the build instructions.

Note : Ensure the windows driver executables are built and uploaded as described in the section ""Make/update windows drivers" in Build Source. This way the "make package" step below will package those in. 

However, when creating these official binaries, we do want some version information built into the binaries.In the git workspace checked out to the tag, run this describe command:

  • git describe --long --tags --dirty --always

The output should be a one-line string. Set the "PV_BUILDID" environment variable to that value and "PV_BRANCH" to the release branch name.

Code Block
languagebash
titleExample: Official Build
tar xvf apache-trafodion-x.x.x-src.tar.gz
cd apache-trafodion-x.x.x
cd core/sqf ; source sqenvr.sh ; cd ../..
export PV_BUILDID=x.x.xrc2-0-g12345ab
export PV_BRANCH=releaseX.X
make package-all
sqvers   # check version info

Create Artifact Checksums and Signatures

Assumption

You’ve already created the signing key and registered it at the https://pgp.mit.edu/ repository.

Code Block
languagebash
titleExample: Create Artifact Checksums and Signatures
gpg --armor --output apache-trafodion-x.x.x-src.tar.gz.asc --detach-sig apache-trafodion-x.x.x-src.tar.gz
gpg --verify apache-trafodion-x.x.x-src.tar.gz.asc
sha1sum apache-trafodion-x.x.x-src.tar.gz > apache-trafodion-x.x.x-src.tar.gz.sha1

For the current release each of the tarfiles in the distribution directory, including the tarfile under the directories RH*, create checksums and signature files using same methods as above. Do not include the tar files for *-tests.tgz and *-regress.tgz as part of the distributed files.The list of files we need to distribute include :

Code Block
languagebash
titleExample: Official Build
$TRAF_HOME/distribution:
apache-trafodion_clients-2.1.0-RH6-x86_64-incubating.tar.gz
apache-trafodion_installer-2.1.0-incubating.tar.gz
apache-trafodion_pyinstaller-2.1.0-incubating.tar.gz
apache-trafodion_server-2.1.0-RH6-x86_64-incubating.tar.gz
traf_ambari-2.1.0-1.noarch.rpm


 
$TRAF_HOME/distribution/RH6 :
apache-trafodion_server-2.1.0-1.x86_64.rpm

 

Test Artifacts

Build and Test Source tar File

 

Build and test the source tar file using the Build Source instructions. You should perform this test on the following environments:

 

  • Test build on a fresh VM.

  • Test build using the src tar file created above

Compare Tagged Version with Source tar File

Compare the code from the source tar file with the tagged version to make sure they match.

Code Block
languagebash
titleExample: Compare Tagged Version
mkdir artifacts
mv trafodion/distribution/* artifacts/   # save artifacts
cd trafodion ; git clean -xdf            # clean any built files
git checkout x.x.xrc1                    # be sure we are on tagged version
cd ..
tar zxf artifacts/apache-trafodion-x.x.x-src.tar.gz
diff -r trafodion apache-trafodion-x.x.x

Compare the two versions; for example, by using diff, or a GUI tool such as BCompare and the "Folder Compare Report" feature.

 

Info

The source package may have a generated LICENSE file and exclude git folders, etc per the .gitattributes file.

Verify Apache Requirements

Verify checksums and signatures using the Verify Signature instructions below. Ensure that the high-level directory contains valid version of:

  • DISCLAIMER
  • LICENSE
  • NOTICE
  • RAT_README
  • README

Stage Artifacts

Once all the artifacts have been created and tested, then it’s time to stage them. Upload the artifacts to the https://dist.apache.org/repos/dist/dev/trafodion directory.

  1. Make sure svn exists. (It can be downloaded using yum.)

    Code Block
    languagebash
    which svn
svn --version # (version 1.6.11 works)

      

  2. Create a directory to store the svn repository.

  3. Checkout source code. This creates a directory called trafodion.

    Code Block
    languagebash
    svn co https://dist.apache.org/repos/dist/dev/trafodion

      

  4. cd trafodion
  5. Create a new directory for the release: mkdir trafodion-x.x.x-RCx
  6. Copy the artifact files to the incubating directory.
  7. Ensure that you do an svn add for the new directory and all files.
  8. Ask for a review of the changes.

  9. Commit your changes.

    Code Block
    languagebash
    svn status
svn commit -m "message..."

    Go to https://dist.apache.org/repos/dist/dev to see if your changes were committed.

  10. (Future Release) Also stage JDBC jar file in maven repo. http://www.apache.org/dev/publishing-maven-artifacts.html

Verification

See: https://www.apache.org/info/verification

All artifacts have been uploaded to the staging area.

Anchor
release-verify-signature
release-verify-signature

Verify Signature

See: https://www.apache.org/info/verification

Download all the artifacts from the staging area including: 

Code Block
languagebash
apache-trafodion-x.x.x-src.tar.gz
apache-trafodion-x.x.x-src.tar.gz.asc
apache-trafodion-x.x.x-src.tar.gz.sha1
Check signatures and checksums.
  • apache-trafodion-x.x.x-src.tar.gz.asc

     

    Code Block
    languagebash
    # View public key
gpg apache-trafodion-x.x.x-src.tar.gz.asc

# Expect
gpg: Signature made Tue 03 Nov 2015 12:59:10 AM UTC using RSA key ID A44C5A05
gpg: Can't check signature: No public key

# Extract public key from key ID returned above
gpg --keyserver pgpkeys.mit.edu --recv-key A44C5A05

# Expect:
gpg: requesting key A44C5A05 from hkp server pgpkeys.mit.edu
gpg: /home/centos/.gnupg/trustdb.gpg: trustdb created
gpg: key A44C5A05: public key "Jane Doe (CODE SIGNING KEY) <jdoe@apache.org>" imported

# Verify signature
gpg --verify apache-trafodion-x.x.x-src.tar.gz.asc

# Expect:
gpg: Signature made <date> using RSA key ID A44C5A05
gpg: Good signature from "Roberta Marton (CODE SIGNING KEY) <rmarton@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.



  • apache-trafodion-x.x.x-src.tar.gz.sha1

     

    Code Block
    languagebash
    sha1sum -c apache-trafodion-x.x.x-src.tar.gz.sha1

# Expect:
apache-trafodion-x.x.x-src.tar.gz: OK

Verify Apache Requirements

Next, run rat to make sure all files have Apache copyrights. See the file RAT_README in the top level source directory for steps to download the Rat jar file and running the tool , redirecting to an output file to look at all the details. 

Code Block
languagebash
titleExample: Run RAT check
java -jar /path/to/apacherat.jar -E .rat-excludes -d $(pwd)

 

 

Complete Release

Ask for a vote from the Apache Trafodion community

 Send an email to dev@trafodion.apache.org asking for a vote from the Apache Trafodion community.

  • Subject: [VOTE] Apache Trafodion release x.x.x ready for release - release candidate x
  • Message contents (see example of how other incubator projects create their contents)
    • request to vote
    • thanks to all contributors
    • link to the artifacts
    • link to git repository and its tag
    • link to verify, build, and test instructions 
    • link to release notes
    • key of person who signed the release
    • if not the first release candidate, then any changes from previous vote on the same release

The vote will be open for 72 hours (at least).  If any -1 votes returned, resolve the issue which may require the current vote to be cancelled and propose a new release candidate.  At least three +1 binding votes are needed to take this to the next phase.

If problems arise which requires a new vote, resend the original VOTE email to mailto:dev@trafodion.apache.org , prepend [CANCEL] to the title and add a short explanation why the vote was cancelled.

  • Subject: [CANCEL][VOTE] Apache Trafodion release x.x.x ready for release - release candidate x

If the vote is successful (no -1's and at least three +1's) after 72 hours, report the results of the vote:

  • Subject: [RESULT][VOTE] Apache Trafodion release x.x.x ready for release - release candidate x

Final Release

Git Label

  • Get the latest from repo:
    • git fetch --all
  • Create a release tag on the final release candidate. The rel/ folder is protected, so that no one can remove the tag. The tag should be based on the last RC tag.
    • git tag -m "Release x.x.x Final"    rel/x.x.x      x.x.xrcX
    • Example (create rel/1.3.0, based on RC5 tag)
      • git tag -m "Release 1.3.0 Final"   rel/1.3.0    1.3.0rc5 
  • Verify tag is on correct commit:
    • git log --decorate rel/x.x.x
  • Push the tag to Apache repo (requires committer permissions):
    • git push apache tag rel/x.x.x

Upload Release Artifacts

  • Checkout release site.
  • cd traf-rel
  • Update the KEYS file, if required
  • Create a new directory for the release: mkdir apache-trafodion-x.x.x
  • Copy the artifacts to the new directory.
  • Ensure that you do an svn add for the new directory and all files.  If you updated the KEYS file, also add it.
  • Remove old release directory(ies) (svn rm). Only the latest release should be on mirrors. (Older ones are in archive site.)
  • Commit your changes

Update Project Web Site

Add the Release Notes to the web site and update the downloads page.

Files to be updated are docs/src/site/markdown. They can be previewed by generating the HTML files (mvn site) and viewing them in browser.

Submit a pull request for these changes to the master branch. Both download.md and documentation.md need new sections for the latest release. Note that this will be the first time that manuals for the next release (main branch) will be published on the site. Those documents will now appear in the "Latest (In Development)" section.

Update Apache Database

This step can be done only by a project PMC. If release manager is not an Trafodion PMC then please reach out to an existing Trafodion PMC or contact Trafodion PMC chair to complete this step.

Performing this step keeps https://reporter.apache.org/?trafodion site updated and people using the Apache Reporter Service will be able to see the latest release data for Trafodion.

Wait for Mirrors to Synch

Wait 24 hour for the artifacts to be distributed to the mirrors. Go to www.apache.org/dyn/closer.lua, click on one or more of the mirror locations, click on incubator and then Trafodion.  Under Trafodion, you should see the release artifacts. Once the links work, commit the pull request for the web site and publish the site.

Announce the Release

A message should be sent to both the users@trafodion.apache.org and the announce@apache.org lists.

Title: [ANNOUNCE] Release Apache Trafodion x.x.x

Contents should include release summary and/or link to release notes as well as link to download site. The contents should avoid mentioning any specific company name, even the change was done by a specific company.