Info | ||
---|---|---|
| ||
This page is obsolete. It has been replaced with: http://trafodion.apache.org/release.html |
Redirect | ||
---|---|---|
|
This document describes how to release the source version of Trafodion.
...
Create keys needed to sign the release
If you do not have a key setup up for Apache, do it now
Create your key
Create your key that can be used to sign releases: http://www.apache.org/dev/openpgp.html#generate-key.
Remember to store your private key is a secure place.
For example:
gpg --gen-key (verify that sha1 is avoided (last on list – see above web site)
gpg -k (shows public key)
gpg -K (shows private key)
Upload your public key to a public key server
Recommend using: http://pgp.mit.edu/ keyserver
For example:
gpg --send-keys <keyID> --keyserver pgp.mit.edu
Create a revocation certificate
It is recommended that you create a revocation certification: http://www.apache.org/dev/openpgp.html#revocation-certs
Remember to store it in a secure place separate from your key
For example:
gpg --output revoke-<keyD>.asc --armor --gen-revoke <keyID>
Add your key the the KEYS file
You need to be a committer to perform this step:
svn co https://dist.apache.org/repos/dist/release/incubator/trafodion traf_release
cd traf_release
gpg --list-sigs <keyID> >> KEYS
gpg -armor –export <keyID>
svn commit –m “added new public key to KEYS file“
Preparing the artifacts
Prepare for a new release
...
start with a clean git clone and a fresh ssh session
git checkout -b artifactsx.x.xartifacts x.x.xrc1
cd ../incubator-trafodion
source ./env.sh
make package-src
cd distribution; ls
...
It is assumed that the signer has already created their signing key and registered their public key in the http://pgp.mit.edu/ pubic repository.
gpg --armor --output apache-trafodion-x.x.x-incubating-src.tar.gz.asc --detach-sig apache-trafodion-x.x.x-incubating-src.tar.gz
gpg --verify apache-trafodion-x.x.x-incubating-src.tar.gz.asc
md5sum apache-trafodion-x.x.x-incubating-src.tar.gz > apache-trafodion-x.x.x-incubating-src.tar.gz.md5
sha1sum apache-trafodion-x.x.x-incubating-src.tar.gz > apache-trafodion-x.x.x-incubating-src.tar.gz.sha
...
In addition, you should compare the code from the source tar file with the tagged version to make sure they match.
This assumes that branch artifactsx.x.x artifacts contains the proposed artifactsrelease candidates.
mkdir traf_test
cd traf_test
cp <git ...dir>/incubator-trafodion/distribution/* traf_test/.
tar zxf apache-trafodion-x.x.x-incubating-src.tar.gz
compare the two versions, for example using BCompare and the "Folder Compare Report" feature:
old: ../traf_test/incubator-trafodion
new: <git ..dir>/incubator-trafodion
Note: the git version will have some additional git folders and the distribution directory
...