...

git clone -b v{X.Y.Z} https://git-wip-usgitbox.apache.org/repos/asf/knox.git knox-{X.Y.Z}
cd knox-{X.Y.Z}

...

Verify the signatures for both the source and binary distribution. Note: This assumes that gpg is installed.

export KNOX_VERSION={X.Y.Z}
gpg --verify knox-{X.Y.Z${KNOX_VERSION}-src.zip.asc knox-{X.Y.Z${KNOX_VERSION}-src.zip
gpg --verify knox-{X.Y.Z${KNOX_VERSION}.zip.asc knox-{X.Y.Z${KNOX_VERSION}.zip

gpg --verify knox-{X.Y.Z${KNOX_VERSION}.tar.gz.asc knox-${KNOX_VERSION}.tar.gz
gpg --verify knoxshell-${KNOX_VERSION}.zip.asc knox-{X.Y.Z knoxshell-${KNOX_VERSION}.zip
gpg --verify knoxshell-${KNOX_VERSION}.tar.gz.asc knoxshell-${KNOX_VERSION}.tar.gz

Verify the SHA-256 and SHA-1 512 hashes for both the source and binary distribution. Note: This assumes a Linux or MacOS environment with openssl installed.

cat knox-export KNOX_VERSION={X.Y.Z}
cat knox-${KNOX_VERSION}-src.zip.shasha256 && openssl sha1 sha256 knox-${KNOX_VERSION}-src.zip
cat knox-{X.Y.Z${KNOX_VERSION}-src.zip.sha512 && openssl sha512 knox-${KNOX_VERSION}-src.zip 
cat knox-{X.Y.Z${KNOX_VERSION}.zip.sha256 && openssl sha256 knox-${KNOX_VERSION}.zip
cat knox-${KNOX_VERSION}.zip.shasha512 && openssl sha1sha512 knox-{X.Y.Z${KNOX_VERSION}.zip 

cat knox-{X.Y.Z${KNOX_VERSION}.tar.gz.shasha256 && openssl sha1sha256 knox-${X.Y.ZKNOX_VERSION}.tar.gz
cat knox-${KNOX_VERSION}.tar.gz

Verify the MD5 digest for both the source and binary distribution. Note: This assumes a Linux or MacOS environment with openssl installed.

cat.sha512 && openssl sha512 knox-${X.Y.Z}-srcKNOX_VERSION}.tar.gz
cat knoxshell-${KNOX_VERSION}.zip.md5sha256 && openssl md5sha256 knoxknoxshell-{X.Y.Z}-src${KNOX_VERSION}.zip
cat knoxknoxshell-{X.Y.Z${KNOX_VERSION}.zip.md5sha512 && openssl md5sha512 knoxknoxshell-{X.Y.Z${KNOX_VERSION}.zip

cat knox-{X.Y.Zcat knoxshell-${KNOX_VERSION}.tar.gz.sha256 && openssl sha256 knoxshell-${KNOX_VERSION}.tar.gz
cat knoxshell-${KNOX_VERSION}.tar.gz.md5sha512 && openssl md5sha512 knoxknoxshell-{X.Y.Z${KNOX_VERSION}.tar.gz

Tag Release Candidate

...

You will be prompted for your Jenkins SVN username and password.

ant download-stage verify-stage

...

Send a [VOTE] email to the dev@knox list. A template was output by the sign step above as target/vote.emltxt.

...

...

From: ${release-manager}@apache.org
To: dev@${gateway-project}.apache.org
Subject: [VOTE] Release ${gateway-name} ${gateway-version}


A candidate for the ${gateway-name} ${gateway-version} release is available at:
https://dist.apache.org/repos/dist/dev/${gateway-project}/${gateway-project}-${gateway-version}/


The release candidate is a zip archive of the sources in:
https://git-wip-us.apache.org/repos/asf/knox.git
Branch v${gateway-version} (git checkout -b v{gateway-version})


The SHA1 checksum of the archive is ${checksum}.
The KEYS file for signature validation is available at: https://dist.apache.org/repos/dist/release/knox/KEYS


Please vote on releasing this package as ${gateway-name} ${gateway-version}.
The vote is open for the next 72 hours and passes if a majority of at
least three +1 ${gateway-name} PMC votes are cast.


[ ] +1 Release this package as ${gateway-name} ${gateway-version}
[ ] -1 Do not release this package because...${line.separator}

Iterate based on feedback until vote passes

...

mvn -Papache-release -Drepo.id=apache.releases.https deploy 
 

...

If you have issues with the above command due to javadoc warnings, something like this can be done: 

mvn -Dmaven.javadoc.failOnError=false -Papache-release -Drepo.id=apache.releases.https deploy

...