Page History

...

Are the LICENSE and NOTICE files present in the source root and complete?
- Specifically look in the nifi-minifi-cpp-${MINIFI_VERSION}-sources-release.zip artifact .tar.gz artifact and ensure these files are present at the root of the archive.
Evaluate the sources and dependencies.
- Does the overall LICENSE and NOTICE appear correct?
- Do all licenses fit within the ASF approved licenses?
Is there a README available that explains how to build the application and to execute it?
- Look in the *-sourcessource.tar.zip gz artifact root for the readme.
Are the signatures and hashes correct for the source release?
- Validate the hashes of the sources artifact do in fact match
- Validate the signature of the source artifact.
- Need a quick reminder on how to verify a signature?
Do all sources have necessary headers?
- Unzip Extract the sources file into a directory and execute mvn install -Pcontrib-checkexecute mkdir build && cd build && cmake .. && make package && make test && make linter
Are there no unexpected binary files in the release?
- The only thing we'd expect would be potentially test resources files.
Does the app (if appropriate) execute and function as expected?

...

1. ASCII armored GPG signatures (--digest-algo=SHA512 select the SHA512 hash algorithm). Configure GPG to always prefer stronger hashes.
  $ gpg -a -b --digest-algo=SHA512 nifi-minifi-cpp-${MINIFI_VERSION}-source-release.tar.zip gz    # produces nifi-$minifi-cpp${MINIFI_VERSION}-source-release.tar.zipgz.asc
  $ gpg -a -b --digest-algo=SHA512 nifi-minifi-cpp-${MINIFI_VERSION}-bin.tar.gz          # produces nifi-minifi-cpp-${MINIFI_VERSION}-bin.tar.gz.asc
  $ gpg -a -b --digest-algo=SHA512 nifi-minifi-cpp-${MINIFI_VERSION}-bin.zip             tar.gz          # produces nifi-minifi-cpp-${MINIFI_VERSION}-bin.ziptar.gz.asc
2. Generate SHA1 hash summaries.
  $ sha1sum nifi-${MINIFI_VERSION}-source-release.zip | cut -d" " -f1 > nifi-${RELEASAE}-source-release.zip.sha1
  $ sha1sum nifi-${MINIFI_VERSION}-bin.tar.gz | cut -d" " -f1 > nifi-${RELEASAE}-bin.tar.gz.sha1
  $ sha1sum nifi-${MINIFI_VERSION}-bin.zip | cut -d" " -f1 > nifi-${RELEASAE}-bin.zip.sha1
3. Generate SHA256 hash summaries.
  $ shasum -a 256 nifi-${MINIFI_VERSION}-source-release.zip | cut -d" " -f1 > nifi-${MINIFI_VERSION}-source-release.zip.sha256
  $ shasum -a 256 nifi-${MINIFI_VERSION}-bin.tar.gz | cut -d" " -f1 > nifi-${MINIFI_VERSION}-bin.tar.gz.sha256
  $ shasum -a 256 nifi-${MINIFI_VERSION}-bin.zip | cut -d" " -f1 > nifi-${MINIFI_VERSION}-bin.zip.sha256
For reviewing of the release candidate, commit the source release and convenience binaries files along with their hashes and signatures to https://dist.apache.org/repos/dist/dev/nifi/nifi-minifi-cpp/${VERSION}

...

RM sends a vote request email to the NiFi Developers Mailing List.
- TO: dev@nifi.apache.org
- FROM: ${RM_USERID}@apache.org
- SUBJECT: [VOTE] Release Apache NiFi MiNiFi C++ ${MINIFI_VERSION}
  
  Hello,
  
  I am pleased to be calling this vote for the source release of Apache NiFi MiNiFi C++ ${MINIFI_VERSION}.
  
  The source zip, including signatures, digests, etc. can be found at:
  https://dist.apache.org/repos/dist/dev/nifi/nifi-minifi-cpp/${MINIFI_VERSION}/
  
  The Git tag is minifi-cpp-${MINIFI_VERSION}-RC${RC}
  The Git commit ID is <40-BYTE-COMMIT-HASH>
  https://git-wip-us.apache.org/repos/asf?p=nifi-minifi-cpp.git;a=commit;h= <40-BYTE-COMMIT-HASH>
  
  Checksums of nifi-minifi-cpp-${MINIFI_VERSION}-source.tar.gz:
  SHA256: <64-BYTE-SHA1SUM-HASH>
  SHA512: <128-BYTE-SHA1SUM-HASH>
  
  Release artifacts are signed with the following key:
  https://people.apache.org/keys/committer/${RM_USERID}.asc
  
  KEYS file available here:
  https://dist.apache.org/repos/dist/release/nifi/KEYS
  
  8 issues were closed/resolved for this release:
  https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12329307
  
  Release note highlights can be found here:
  https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version${MINIFI_VERSION}
  
  The vote will be open for 72 hours.
  Please download the release candidate and evaluate the necessary items including checking hashes, signatures, build
  from source, and test. The please vote:
  
  [ ] +1 Release this package as nifi-minifi-cpp-${MINIFI_VERSION}
  [ ] +0 no opinion
  [ ] -1 Do not release this package because...
RM sends the following helper email to the NiFi Developers Mailing List.
1. TO: dev@nifi.apache.org
2. FROM: ${RM_USERID}@apache.org
3. SUBJECT: Apache NiFi MiNiFi C++ ${MINIFI_VERSION} RC${RC} Release Helper Guide
  
  Hello Apache NiFi community,
  
  Please find the associated guidance to help those interested in validating/verifying the release so they can vote.
  
  # Download latest KEYS file:
  https://dist.apache.org/repos/dist/dev/nifi/KEYS
  
  # Import keys file:
  gpg --import KEYS
  
  # Pull down nifi-minifi-cpp-${MINIFI_VERSION} source release artifacts for review:
  
  wget https://dist.apache.org/repos/dist/dev/nifi/nifi-minifi-cpp/${MINIFI_VERSION}/nifi-minifi-cpp-${MINIFI_VERSION}-source.tar.gz
  wget https://dist.apache.org/repos/dist/dev/nifi/nifi-minifi-cpp/${MINIFI_VERSION}/nifi-minifi-cpp-${MINIFI_VERSION}-source.ziptar.gz.asc
  wget https://dist.apache.org/repos/dist/dev/nifi/nifi-minifi-cpp/${MINIFI_VERSION}/nifi-minifi-cpp-${MINIFI_VERSION}-source.tar.zipgz.sha1
  wget https://dist.apache.org/repos/dist/dev/nifi/nifi-minifi-cpp/${MINIFI_VERSION}/nifi-minifi-cpp-${MINIFI_VERSION}-source.ziptar.gz.sha256
  
  # Verify the signature
  gpg --verify nifi-minifi-cpp-${MINIFI_VERSION}-source.tar.gz.asc
  
  # Verify the hashes (sha1, sha256) match the source and what was provided in the vote email thread
  sha1sum nifi-minifi-cpp-${MINIFI_VERSION}-source.tar.gz
  sha256sum nifi-minifi-cpp-${MINIFI_VERSION}-source.tar.gz
  
  # Extract nifi-minifi-cpp-${MINIFI_VERSION}-source.tar.gz
  
  # Verify the build works including tests and linter checks
  cd nifi-minifi-cpp-${MINIFI_VERSION}-source
  mkdir build && cd build && cmake .. && make package && make test && make linter
  # or:
  # ./bootstrap.sh && cd build && make package && make test && make linter
  
  # On Windows:
  # Install dependencies as documented: https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=139627733
  # cd nifi-minifi-cpp-${MINIFI_VERSION}-source
  # win_build_vs.bat build /P
  
  # Verify the contents contain a good README, NOTICE, and LICENSE.
  
  # Verify the git commit ID is correct
  
  # Verify the RC was branched off the correct git commit ID
  
  # Look at the resulting convenience binary as found in build/nifi-minifi-cpp-${MINIFI_VERSION}-bin.tar.gz
  
  # Make sure the README, NOTICE, and LICENSE are present and correct
  
  # Run the resulting convenience binary and make sure it works as expected
  
  # Send a response to the vote thread indicating a +1, 0, -1 based on your findings.
  
  Thank you for your time and effort to validate the release!
Developers in the community review the release candiate and reply to the vote email with their vote.
After 72 hours if
- at least 3 binding (PMC members) cast +1 votes, and
- the positive binding votes out number any negative binding votes
the vote passes and the release candidate is officially released. If the vote does not pass, corrections are made on the release branch and a new release candidate is put forward for a new vote.
RM sends vote result email.
- TO: dev@nifi.apache.org
- FROM: ${RM_USERID}@apache.org
- SUBJECT: [RESULT][VOTE] Release Apache NiFi MiNiFi C++ ${NIFI_VERSION}
  
  Apache NiFi Community,
  
  I am pleased to announce that the ${MINIFI_VERSION} release of Apache NiFi MiNiFi C++ passes with
  X +1 (binding) votes
  Y -1 (binding) votes
  0 0 votes
  0 -1 votes
  
  Thanks to all who helped make this release possible.
  
  Here is the PMC vote thread: ${VOTE_THREAD_URL}

...

Space shortcuts

Child pages

Versions Compared

Old Version 11

New Version 12

Key