You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Once a release candidate has been staged to https://dist.apache.org/repos/dist/dev/incubator/pegasus it must be validated and voted on in order to proceed.

The full checklist can be found here: Incubator Release Checklist.

Prerequisites

For mac:

brew install gpg

For ubuntu:

sudo apt install gnupg

Downloading the release files

A release consists of a source zip, a signature file, a sha512 checksum file.

  • Source package: https://dist.apache.org/repos/dist/dev/incubator/pegasus/a.b.c-RCd/apache-pegasus-a.b.c-incubating-src.zip
  • Signature (asc)https://dist.apache.org/repos/dist/dev/incubator/pegasus/a.b.c-RCd/apache-pegasus-a.b.c-incubating-src.zip.asc
  • Checksum (sha512): https://dist.apache.org/repos/dist/dev/incubator/pegasus/a.b.c-RCd/apache-pegasus-a.b.c-incubating-src.zip.sha512

Please download the files altogether.

Verifying the signature (ASC)

Before checking the signature, you should download and import the public keys from https://dist.apache.org/repos/dist/dev/incubator/pegasus/KEYS

gpg --import KEYS

In order to check the signature (ASC) of the release:

gpg --verify apache-pegasus-2.1.0-incubating-src.zip.asc apache-pegasus-2.1.0-incubating-src.zip

This should produce something like this:

gpg: using RSA key B29EB88AD60BB41EC9D82687B1DA1BBC34C617A9
gpg: issuer "wutao@apache.org"
gpg: Good signature from "Tao Wu <wutao@apache.org>" [ultimate]

If you get the following error,  it means you don't have the public key of the person who signed the message.

gpg: Signature made 一 10/14 13:04:42 2019 CST
gpg:                using RSA key BA45CDBB87E8B146A81F5BBE2206EF8F64C35889
gpg: Can't check signature: No public key

Verifying the checksum (SHA512)

sha512sum --check apache-pegasus-2.1.0-incubating-src.zip.sha512

If it produces "apache-pegasus-2.1.0-incubating-src.zip: OK", it means the package is good.

Running RAT

Before building it might be a good idea to run RAT on the unpacked sources. This will find all binaries and files without headers.

Download the latest version of RAT from here: apache-rat-0.13-bin.tar.gz

Unpack it somewhere and change into the unpacked source directory and run the following command:

java -jar apache-rat-0.13/apache-rat-0.13.jar -d apache-pegasus-a.b.c-incubating-src -E apache-pegasus-a.b.c-incubating-src/.rat-excludes
  • No labels