Page History

...

You should have a 4096 bit RSA PGP key for signing the release. This key should be in the Apache web of trust. Once generated, ensure your key is in https://svn.apache.org/repos/asf/zookeeper/bookkeeper/dist/KEYS^{Image Added}.

• http://apache.org/dev/release-signing.html
• http://apache.org/dev/openpgp.html

...

1. Create release branch
2. Generate release notes
3. Build and stage artifacts
4. Test Inspect the built artifacts
5. Tag the release in Subversion
6. Run the vote
7. If vote gets +1 from 3 PMC members and no -1, go to next step, otherwise fix problem and repeat from step 2.
8. Release artifacts
9. Wait 24 hours for mirrors to sync
10. Update the website
11. Announce the release

...

Generate the release notes from JIRA. https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311293

Select the correct version, in HTML format. Make it look like previous release notes. https://svn.apache.org/repos/asf/zookeeper/bookkeeper/site/content/docs/r4.1.0/releaseNotes.textile^{Image Added}

Generate a list of all issues committed since last release. In this example, the last release was the 1st February 2012.

bookkeeper/trunk$ svn log -r {2012-02-01}:HEAD

Manually check this list for accuracy! I've repeatedly seen closed bugs that were not fixed (i.e., duplicate) marked with a fix version, so that they incorrectly show up in this list. Find those, edit them to remove the fix release (only actually fixed bugs should have a fix release) and re-run the report.Select the correct version, in HTML format. Make it look like previous release notes.that the list from JIRA, SVN and CHANGES.txt all reflect the same changes.

Build the artifacts

Make sure the branch builds cleanly. Check for errors and warnings in the output.

mvn clean findbugs:findbugs apache-rat:check install

Then build the artifacts.

mvn clean package assembly:single -DskipTests

This will generate

• bookkeeper/target/bookkeeper-<VERSION>-src.tar.gz
• bookkeeper-server/target/bookkeeper-server-<VERSION>-bin.tar.gz
• hedwig-server/target/hedwig-server-<VERSION>-bin.tar.gz

Inspect the artifacts

Extract each of the generated artifacts;

• Check file permissions are correct for all files
• Check the LICENSE and NOTICE files cover all included jars (especially for the -bin packages)
• Check the source package builds, and all tests pass
• Check that "mvn apache-rat:check" passes on the source package.
• Check that a bookie can be run from the source package and from the bookkeeper-server binary package
• Check that a hedwig hub can be run from the source package and from the hedwig-server binary package

Staging the artifacts

Create a directory and copy the three tar.gz packages into it. Sign and generate md5 & sha1 hashes for each package.

md5 <FILE>.tar.gz > <FILE>.tar.gz.md5
shasum <FILE>.tar.gz > <FILE>.tar.gz.sha1
gpg --armor --output <FILE>.tar.gz.asc --detach-sig <FILE>.tar.gz