THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
We need to do some verification in our own environment before voting.
Check the filelist
- incubating in name if an incubating project
- CHANGES.txt
- [project]-source-release.zip
- [project].pom
- Signature file.
- Hash files.
DO NOT provide md5 or sha1 files.
Download source package and unpack
Download griffin-0.2.0-incubating-source-release.zip from the dist page.
Unpack the zip.
Verify signature files
Install gpg (GnuPG).
(I suggest you use C3 machine with ubuntu, which has installed gpg already)
...
| No Format |
|---|
gpg --verify griffin-0.2.0-incubating-source-release.zip.asc griffin-0.2.0-incubating-source-release.zip // do the same thing to download and verify griffin-0.2.0-incubating.pom with griffin-0.2.0-incubating.pom.asc gpg --verify griffin-0.2.0-incubating.pom.asc griffin-0.2.0-incubating.pom |
Verify hash files
Download griffin-0.2.0-incubating-source-release.zip.sha1 from Download the .sha512 files from the dist page.
on linux:
| No Format |
|---|
for f in *.sha1sha512; do echo "$(cat $f) ${f/.sha1/}"; done | sha1sumsha512sum -c |
on mac:
| No Format |
|---|
for f in *.sha1sha512; do echo "$(cat $f) ${f/.sha1/}"; done | shasum -a 512 -c |
Check the filelist inside
In Unzip and change Into the directory, check the files exists:
- LICENSE
- NOTICEDISCLAIMER
Check the licenses
| No Format |
|---|
mvn apache-rat:check |
It should be success.
Source compile
| No Format |
|---|
mvn clean install |
It should be success. (For npm install, it runs for about 30 minutes on my machine, you can wait or skip it)
Check the third party licenses
Check the licenses of bundled resources.
...