Versions Compared

Old Version 4

changes.mady.by.user Rashmi Raghu

Saved on

compared with

New Version 5

changes.mady.by.user Rashmi Raghu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

Ensure that all HAWQ JIRA issues that are addressed in this release are marked with the release version in the ‘FixVersion’ field of the issue.

 

...

Creating and Validating the Release Candidate

  • Build is successful (Refer to Build and Install for build instructions)
  • DISCLAIMER is correct, filenames include “incubating”
  • LICENSE and NOTICE files are correct and dependency licenses are acceptable
  • All source files have license headers where appropriate, RAT checks pass
    • Additional check:
      • pom.xml (For artifactId "hawq", verify version is consistent with the version specified in getversion file in the root directory).
  • The provenance of all source files is clear (ASF or software grants)
  • Create the Release Candidate
  • Sign the Release Candidate
  • Verify the Release Candidate signatures
  • Commit artifacts to the Apache dist site 


Create the Release Candidate

...

Check that md5, shasum, and gpg (or gpg2) are installed on your machine:

$

...

which

...

gpg shasum md5
/

...

usr/local/bin/gpg
/usr/bin/shasum

...

/sbin/md5

Install using Hombrew (on Mac OS) if needed e.g.:

$ brew install gnupg
==> Downloading ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.19.tar.bz2
######################################################################## 100.0%
==> ./configure --disable-silent-rules --prefix=/usr/local/Cellar/gnupg/1.4.19 --disable-asm
==> make
==> make check
==> make install

    /usr/local/Cellar/gnupg/1.4.19: 53 files, 5.4M, built in 87 seconds
office-4-125:release_manager_stuff rraghu$ which gpg
/usr/local/bin/gpg

 

Prepare MD5, SHA256 and ASC files from the source tarball and binaries:

md5

...

<your

...

release

...

tarball

...

or

...

binary>

...

>

...

<your

...

release

...

tarball

...

or

...

binary>.md5
shasum

...

-a

...

512

...

<your

...

release

...

tarball

...

or

...

binary>

...

>

...

<your

...

release

...

tarball

...

or

...

binary>.sha512

...


gpg

...

--detach-sign

...

-a

...

<your

...

release

...

tarball

...

or

...

binary>

Example:

$

...

md5

...

apache-madlib-1.11-incubating-src.tar.gz

...

>

...

apache-madlib-1.11-incubating-src.tar.gz.md5
$

...

shasum

...

-a

...

512

...

apache-madlib-1.11-incubating-src.tar.gz

...

>

...

apache-madlib-1.11-incubating-src.tar.gz.sha512
$

...

gpg

...

--detach-sign

...

-a

...

apache-madlib-1.11-incubating-src.tar.gz

You

...

need

...

a

...

passphrase

...

to

...

unlock

...

the

...

secret

...

key

...

for
user:

...

"Rashmi

...

Raghu

...

(CODE

...

SIGNING

...

KEY)

...

<rashmiraghu@apache.org>"
4096-bit

...

RSA

...

key,

...

ID

...

28D2C789,

...

created

...

2017-05-01

 

$

...

ls

...

-la

-rw-r--r--@

...

1

...

rraghu

...

staff

...

9961787

...

May

...

1

...

13:55

...

apache-madlib-1.11-incubating-bin-Darwin.dmg
-rw-r--r--

...

1

...

rraghu

...

staff

...

819

...

May

...

1

...

14:29

...

apache-madlib-1.11-incubating-bin-Darwin.dmg.asc
-rw-r--r--

...

1

...

rraghu

...

staff

...

86

...

May

...

1

...

14:27

...

apache-madlib-1.11-incubating-bin-Darwin.dmg.md5
-rw-r--r--

...

1

...

rraghu

...

staff

...

175

...

May

...

1

...

14:28

...

apache-madlib-1.11-incubating-bin-Darwin.dmg.sha512
-rw-r--r--@

...

1

...

rraghu

...

staff

...

3868116

...

May

...

1

...

13:55

...

apache-madlib-1.11-incubating-bin-Linux-GPDB5alpha1.rpm
-rw-r--r--

...

1

...

rraghu

...

staff

...

819

...

May

...

1

...

14:48

...

apache-madlib-1.11-incubating-bin-Linux-GPDB5alpha1.rpm.asc
-rw-r--r--

...

1

...

rraghu

...

staff

...

97

...

May

...

1

...

14:46

...

apache-madlib-1.11-incubating-bin-Linux-GPDB5alpha1.rpm.md5
-rw-r--r--

...

1

...

rraghu

...

staff

...

186

...

May

...

1

...

14:47

...

apache-madlib-1.11-incubating-bin-Linux-GPDB5alpha1.rpm.sha512
-rw-r--r--@

...

1

...

rraghu

...

staff

...

18527053

...

May

...

1

...

13:55

...

apache-madlib-1.11-incubating-bin-Linux.rpm
-rw-r--r--

...

1

...

rraghu

...

staff

...

819

...

May

...

1

...

14:43

...

apache-madlib-1.11-incubating-bin-Linux.rpm.asc
-rw-r--r--

...

1

...

rraghu

...

staff

...

85

...

May

...

1

...

14:41

...

apache-madlib-1.11-incubating-bin-Linux.rpm.md5
-rw-r--r--

...

1

...

rraghu

...

staff

...

174

...

May

...

1

...

14:41

...

apache-madlib-1.11-incubating-bin-Linux.rpm.sha512
-rw-r--r--@

...

1

...

rraghu

...

staff

...

2474217

...

May

...

1

...

13:56

...

apache-madlib-1.11-incubating-src.tar.gz
-rw-r--r--

...

1

...

rraghu

...

staff

...

819

...

May

...

1

...

14:45

...

apache-madlib-1.11-incubating-src.tar.gz.asc
-rw-r--r--

...

1

...

rraghu

...

staff

...

82

...

May

...

1

...

14:44

...

apache-madlib-1.11-incubating-src.tar.gz.md5
-rw-r--r--

...

1

...

rraghu

...

staff

...

171

...

May

...

1

...

14:45

...

apache-madlib-1.11-incubating-src.tar.gz.sha512

 

Validate the Release Candidate 

...

  • PGP signatures and SHA256/MD4 checksum verification

Example (performed on a Macbook Pro: brew install gpg2 coreutilsMac OS):

$ brew install gpg2 gpg coreutilsbrew install gpg2 coreutils
Warning: gnupg2-2.0.30_3 already installed
Warning: coreutils-8.26 already installed

$ which gpg gsha512sum gmd5sum$ which gpg2 gsha256sum gmd5sum 
/usr/local/bin/gpg2gpg
/usr/local/bin/gsha256sumgsha512sum
/usr/local/bin/gmd5sum

$ gpg2 --import ../KEYS
gpg: directory `/Users/espino/.gnupg' created
gpg: new configuration file `/Users/espino/.gnupg/gpg.conf' created
gpg: WARNING: options in `/Users/espino/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/Users/espino/.gnupg/secring.gpg' created
gpg: keyring `/Users/espino/.gnupg/pubring. gpg ' created
gpg: /Users/espino/.gnupg/trustdb.gpg: trustdb created
gpg: key D0D6D44A: public key "Caleb Welton <cwelton@apache.org>" imported
gpg: key 9AF9C0EE: public key "Ting (Goden) Yao (CODE SIGNING KEY) <godenyao@apache.org>" imported
gpg: key 8051460D: public key "Ting (Goden) Yao (CODE SIGNING KEY) <godenyao@apache.org>" imported
gpg: key 9475BD5D: public key "Roman V Shaposhnik (CODE SIGNING KEY) <rvs@apache.org>" imported
gpg: key 2858A0C9: public key "Lei Chang <lei_chang@apache.org>" imported
gpg: key 57325522: public key "Edward Bartolo Espino (CODE SIGNING KEY) <espino@apache.org>" imported
gpg: Total number processed: 6
gpg: imported: 6 (RSA: 5)
gpg: no ultimately trusted keys found
$ gpg2 --verify apache-hawq-srcmadlib-2.1.0.011-incubating.tar.gz-bin-Linux.rpm.asc
gpg: assuming signed data in 'apache-hawq-src-2.1.0.0-incubating.tar.gz`apache-madlib-1.11-incubating-bin-Linux.rpm'
gpg: Signature made Tue Jan 10 17:25:01 2017 CST Mon May 1 14:42:16 2017 PDT using RSA key ID 5732552228D2C789
gpg: Good signature from "Edward Bartolo Espino Rashmi Raghu (CODE SIGNING KEY) <espino@<rashmiraghu@apache.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BBED A7B5 F336 D516 B34A DE0C FC06 62F2 5732 5522

office-4-125:madlib-v1dot11-artifacts rraghu$
office-4-125:madlib-v1dot11-artifacts rraghu$ gsha512sum $ gsha256sum --check apache-hawq-srcmadlib-2.1.0.011-incubating-bin-Linux.tarrpm.gz.sha256sha512
apache-hawq-srcmadlib-2.1.0.011-incubating.tar.gz-bin-Linux.rpm: OK
$ office-4-125:madlib-v1dot11-artifacts rraghu$ gmd5sum --check apache-hawqmadlib-src-2.1.0.011-incubating.tar.gz-bin-Linux.rpm.md5
apache-hawq-srcmadlib-2.1.0.011-incubating.tar.gz-bin-Linux.rpm: OK

...

Commit artifacts to Apache dist site:

 

...

...

 

 

...

Vote on the Release

As per the Apache Incubator release guidelines, all releases for incubating projects must go through a two-step voting process. First, release voting must successfully pass within the Apache HAWQ community via the dev@hawq.incubator.apache.org mail list. Then, release voting must successfully pass within the Apache Incubator PMC via the general@incubator.apache.org mail list.

General information regarding the Apache voting process can be found here.

Apache HAWQ Community Vote 

...

 

...

This is the vote for <release name> of Apache HAWQ (incubating). This is a Source only release.
The vote will run for at least 72 hours and will close on <vote closing date>.
Release Notes (Jira generated):
 <JIRA Release Notes URL>
Release verification steps can be found at:
 https://cwiki.apache.org/confluence/display/HAWQ/Release+Process%3A+Step+by+step+guide#ReleaseProcess:Stepbystepguide-ValidatetheReleaseCandidate
Git branch for the release:
 https://github.com/apache/incubator-hawq/tree/<release name>
Sources for the release:
 https://dist.apache.org/repos/dist/dev/incubator/hawq/<release name>.RC#/apache-hawq-src-<release name>.tar.gz
Source release verification:
 PGP Signature:
 https://dist.apache.org/repos/dist/dev/incubator/hawq/<release name>.RC#/apache-hawq-src-<release name>.tar.gz.asc
 MD5/SHA256 Hash:
 https://dist.apache.org/repos/dist/dev/incubator/hawq/<release name>.RC#/apache-hawq-src-<release name>.tar.gz.md5
 https://dist.apache.org/repos/dist/dev/incubator/hawq/<release name>.RC#/apache-hawq-src-<release name>.tar.gz.sha256
Keys to verify the signature of the release artifact are available at:
 https://dist.apache.org/repos/dist/dev/incubator/hawq/KEYS
The artifact(s) have been signed with Key : <CODE SIGNING KEY ID>
Please vote accordingly:
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)

...

Once 72 hours has passed (which is generally preferred) and/or at least three +1 (binding) votes have been cast with no -1 (binding) votes, send an email closing the vote and pronouncing the release candidate a success. Please use the subject:[RESULT][VOTE]: Apache HAWQ <release version> Release

...

[number] +1 (binding) votes
[number] -1 (binding) votes

A vote Apache HAWQ <release version> will now be called on
general@incubator.apache.org.

Incubator PMC Vote

Once the candidate release vote passes on dev@hawq.apache.incubator.org, call a vote on IMPC general@incubator.apache.org with an email a with subject: [VOTE]: Apache HAWQ <release version> Release and a body along the lines of:

 

The PPMC vote for the Apache HAWQ <release version> release has
passed. We kindly request that the IPMC now vote on the release.

The PPMC vote thread is located here: <link to the dev voting thread>

The artifacts can be downloaded here:

https://dist.apache.org/repos/dist/dev/incubator/hawq/release/<release number>

The artifacts have been signed with Key : <ID of signing key>

All JIRAs completed for this release are tagged with 'FixVersion
= <release version>'. You can view them here: <insert link to the
JIRA release notes>

Please vote accordingly:

[ ] +1, accept as the official Apache HAWQ <release number> release 
[ ] -1, do not accept as the official Apache HAWQ <release number> release because...

The vote will run for at least 72 hours.

If any -1 (binding) votes are entered, then address them such that the voter changes their vote to a +1 (binding) or cancel the vote, fix the issues, and start over with Prepare Tarballs (including re-voting within the Apache HAWQ community on dev@hawq.apache.incubator.org).

Once 72 hours has passed (which is generally preferred) and/or at least three +1 (binding) votes have been cast with no -1 (binding) votes, send an email closing the vote and pronouncing the release candidate a success. Please use the subject: [RESULT][VOTE]: Apache HAWQ <release version> Release

 

...

[number] +1 (binding) votes
[number] -1 (binding) votes

The Apache HAWQ (incubating) community will proceed with the release.



...

 

 

Publishing and Distributing Release

  1. Finalizing your tag
    switching to master branch
    git tag -s rel/v{version} <commit SHA> -m "Apache HAWQ(incubating) {version) release (<other comments>)"

     

    Info
    titleSign your release tag

    You need to configure your git user signing key first before you can sign a tag.

    git config --global user.signingkey <Your secret key SHA>
  2. Push your tag to remote (origin)
    git push origin rel/v{version}
     

  3. Move tarballs from staging (dev) folder to release location:

    svn mv https://dist.apache.org/dist/dev/incubator/hawq/{version}.RC#/ https://dist.apache.org/dist/release/incubator/hawq/{version}
    Info
    titleCommit Message

    As if you put https URL in svn commands, it'll commit automatically. A text editor will popup for you to edit commit message, put something like: "Release Apache HAWQ (incubating) {{version}}"

  4. Add download link on hawq website: http://hawq.apache.org/
  5. Go to http://issues.apache.org/jira/browse/hawq to release the specific version (need admin permission, under "Version")
  6. Update the news on http://incubator.apache.org/projects/hawq.html.
  7. Add the document for the version into the hawq website and modify the link if needed. (https://github.com/apache/incubator-hawq-site)

 


...

Announce the Release

...

the

...

Release

...

Apache HAWQ (incubating) Project Team is proud to announce Apache
HAWQ <release version> has been released.
Apache HAWQ (incubating) combines exceptional MPP-based analytics
performance, robust ANSI SQL compliance, Hadoop ecosystem
integration and manageability, and flexible data-store format
support, all natively in Hadoop, no connectors required. Built
from a decade’s worth of massively parallel processing (MPP)
expertise developed through the creation of the Pivotal
Greenplum® enterprise database and open source PostgreSQL, HAWQ
enables to you to swiftly and interactively query Hadoop data,
natively via HDFS.

...

All changes:
https://cwiki.apache.org/confluence/display/HAWQ/HAWQ+Release+2.1.0.0-incubating+Release

...

Apache HAWQ (incubating) is an effort undergoing incubation at The
Apache Software Foundation (ASF), sponsored by the name of Apache
Incubator PMC. Incubation is required of all newly accepted
projects until a further review indicates that the
infrastructure, communications, and decision making process have
stabilized in a manner consistent with other successful ASF
projects. While incubation status is not necessarily a reflection
of the completeness or stability of the code, it does indicate
that the project has yet to be fully endorsed by the ASF.

...

General Apache information regarding announcing a release may be found here.

 

...

Miscellaneous

...