...
The full checklist can be found here: Incubator Release Checklist.
Prerequisites
For MacOS:
Code Block |
---|
brew install gpg |
For Ubuntu:
Code Block |
---|
sudo apt install gnupg |
For RHEL or CentOS:
Code Block |
---|
sudo yum install gnupg |
Downloading the release files
Suppose you are going to validate version {a.b.c-RCd}.
A release consists of a source zip, a signature file, and a SHA512 checksum file.
...
No Format |
---|
gpg --verify apache-pegasus-a.b.c-incubating-src.zip.asc apache-pegasus-a.b.c-incubating-src.zip |
This should produce something like this: ("Good signature" means correct!)
...
Verifying the checksum (SHA512)
Linux:
No Format |
---|
sha512sum --check apache-pegasus-a.b.c-incubating-src.zip.sha512 |
MacOS:
Code Block |
---|
shasum -a 512 --check apache-pegasus-a.b.c-incubating-src.zip.sha512 |
If it produces "apache-pegasus-a.b.c-incubating-src.zip: OK", it means the package is good.
...
Before building it might be a good idea to run RAT on the unpacked sources. This tool will find all binaries and files without license headers.
Download the latest version of RAT from here: apache-rat-0.13-bin.tar.gz: https://creadur.apache.org/rat/download_rat.cgi
Unpack it somewhere and run the following command. For example, if you are using apache-rat-0.15:
No Format |
---|
java -jar apache-rat-0.15/apache-rat-0.15.jar -d apache-pegasus-a.b.c-incubating-src \
  -E apache-pegasus-a.b.c-incubating-src/.rat-excludes \
  -e apache-pegasus-a.b.c-incubating-src/rdsn |
Sample output (with 0 Unknown Licenses):
Code Block |
---|
*****************************************************
Summary
-------
Generated at: 2022-09-27T23:55:44+08:00
Notes: 3
Binaries: 14
Archives: 0
Standards: 1629
Apache Licensed: 1041
Generated Documents: 0
JavaDocs are generated, thus a license header is optional.
Generated files do not require license headers.
0 Unknown Licenses
***************************************************** |
Compile Pegasus
Please read the document compile-from-source or compile-by-docker to build pegasus.
Reply to the vote thread
...
+1/0/-1 (binding) # "binding" means you are an Apache PMC/PPMC member. If not, write "non-binding" here.
I checked:
(yes/no) Do release files have the word incubating in their name?
(yes/no) Are the digital signatures and hashes correct?
(yes/no) Does a DISCLAIMER file exist?
(yes/no) Do LICENSE and NOTICE files exist?
(yes/no) Is the LICENSE and NOTICE text correct?
(yes/no) Is the NOTICE year correct?
(yes/no) Un-included software dependencies are not mentioned in LICENSE or NOTICE?
(yes/no) License information is not mentioned in NOTICE?
(yes/no) Is there any 3rd party code contained inside the release? If so:
(yes/no) Does the software have a compatible license?
(yes/no) Are all software licenses mentioned in LICENSE?
(yes/no) Is the full text of the licenses (or pointers to it) in LICENSE?
(yes/no) Is any of this code Apache-licensed?
(yes/no) Do they have NOTICE files? If so:
(yes/no) Have relevant parts of those NOTICE files been added to this NOTICE file?
(yes/no) Do all source files have ASF headers?
(yes/no) Do the contents of the release match with what's tagged in version control?
(yes/no) Are there any unexpected binary files in the release?
(yes/no) Can you compile from source? Are the instructions clear?
...
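Several checklist items above can be checked mechanically: the "incubating" file name, the SHA512 checksum, the presence of DISCLAIMER, LICENSE and NOTICE, and the RAT unknown-license count. The script below is an added example, not part of the Pegasus release tooling; the function names and the saved RAT report file are assumptions, and the signature is still verified with the gpg --verify step shown earlier.

```shell
#!/bin/sh
# Added example: scripted checks for a release candidate. All paths are hypothetical.

# Verify a .sha512 file with whichever tool the platform provides
# (sha512sum on Linux, shasum on MacOS). Runs in the file's directory
# because the checksum file refers to the archive by relative name.
sha512_ok() {
  ( cd "$(dirname "$1")" || exit 1
    if command -v sha512sum >/dev/null 2>&1; then
      sha512sum --check "$(basename "$1")"
    else
      shasum -a 512 --check "$(basename "$1")"
    fi ) >/dev/null 2>&1
}

# Print the "Unknown Licenses" count from a saved RAT summary (empty if not found).
rat_unknown() {
  sed -n 's/^\([0-9][0-9]*\) Unknown Licenses$/\1/p' "$1"
}

# Print one line per failed item; print nothing when every check passes.
# $1 = source zip, $2 = unpacked source directory, $3 = saved RAT report
check_release() {
  zip=$1 src=$2 rat=$3
  case $(basename "$zip") in
    *incubating*) ;;
    *) echo "FAIL: 'incubating' missing from file name" ;;
  esac
  sha512_ok "$zip.sha512" || echo "FAIL: SHA512 mismatch"
  # Assumes the files carry exactly these names at the top of the source tree.
  for f in DISCLAIMER LICENSE NOTICE; do
    [ -f "$src/$f" ] || echo "FAIL: $f file missing"
  done
  [ "$(rat_unknown "$rat")" = "0" ] || echo "FAIL: RAT reports unknown licenses"
}
```

An empty result only covers these items; license text, NOTICE year and third-party code still need manual review.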