Page History

...

1. Locate an empty directory to download the artifacts and build (e.g: ${RANGER_RELEASE_DIR})
   
2. Download all artifacts specified in the release email (e.g:  apache-ranger-${RANGER_RELEASE}.tar.gz )
3. Download the PGP Signature file associated with the release artifact (eg: apache-ranger-${RANGER_RELEASE}.tar.gz.asc)
4. Download the SHA256 Signature file associated with the release artifact (eg: apache-ranger-${RANGER_RELEASE}.tar.gz.sha256)
5. Download the SHA512 Signature file associated with the release artifact (eg: apache-ranger-${RANGER_RELEASE}.tar.gz.asc.sha51)
   
6. VALIDATION # 1 : Build the ranger binaries using the source downloaded
7. VALIDATION # 2 : Ensure that the signature associated with the downloaded source is matching with the downloaded signature file(s).

8. Run the following commands to validate the ranger build#1 and #2:
   
   

   Code Block
   language bash title Define Environment Variables
   RANGER_RELEASE_DIR="${HOME}/ranger-validation" # PLEASE define this variable depending on your needs RANGER_RELEASE="2.4.0" # PLEASE define your RELEASE number such as 2.2.0 .... RANGER_RC="rc2" # PLEASE define your Release Candidate Prefix

   
   

   Code Block
   language bash title Download Artifacts
   RANGER_DOWNLOAD_URL_PREFIX="https://dist.apache.org/repos/dist/dev/ranger/${RANGER_RELEASE}-${RANGER_RC}" RANGER_KEYS_URL="https://dist.apache.org/repos/dist/release/ranger/KEYS" RANGER_RELEASE_SOURCE="apache-ranger-${RANGER_RELEASE}.tar.gz" # mkdir -p ${RANGER_RELEASE_DIR} cd ${RANGER_RELEASE_DIR} # Download all artifacts into this directory rm -f ${RANGER_RELEASE_SOURCE} rm -f ${RANGER_RELEASE_SOURCE}.asc ${RANGER_RELEASE_SOURCE}.sha256 ${RANGER_RELEASE_SOURCE}.sha512 curl -o ${RANGER_RELEASE_SOURCE} "${RANGER_DOWNLOAD_URL_PREFIX}/${RANGER_RELEASE_SOURCE}" curl -o ${RANGER_RELEASE_SOURCE}.asc "${RANGER_DOWNLOAD_URL_PREFIX}/${RANGER_RELEASE_SOURCE}.asc" curl -o ${RANGER_RELEASE_SOURCE}.sha256 "${RANGER_DOWNLOAD_URL_PREFIX}/${RANGER_RELEASE_SOURCE}.sha256" curl -o ${RANGER_RELEASE_SOURCE}.sha512 "${RANGER_DOWNLOAD_URL_PREFIX}/${RANGER_RELEASE_SOURCE}.sha512" curl -o KEYS "${RANGER_KEYS_URL}"

   
   

   Code Block
   language bash firstline 1 title Apache build
   cd ${RANGER_RELEASE_DIR} rm -rf  apache-ranger-${RANGER_RELEASE} tar xf  ${RANGER_RELEASE_SOURCE} cd apache-ranger-${RANGER_RELEASE} # The following build command should successfully complete without any errors mvn -Pall -DskipTests=false clean compile package install

   
   

9. Run the following commands to validate the ranger release artifacts:
   
   

   Code Block
   language bash firstline 1 title Validate Release Artifacts
   # Go to the directory where the artifact is downloaded cd ${RANGER_RELEASE_DIR} [ -f KEYS ] && gpg --import KEYS > /dev/null 2>&1 # # VALIDATE: GPG signatures # gpg --verify ${RANGER_RELEASE_SOURCE}.asc ${RANGER_RELEASE_SOURCE} if [ $? -ne 0 ] then echo "***** ERROR *****: Unable to validate GPG signature for ${RANGER_RELEASE_SOURCE}" else echo "+OK: validated GPG signature for ${RANGER_RELEASE_SOURCE}" fi # # VALIDATE: the SHA256 and SHA512 Signatures with the content of file below ... # for SIG_ALGO in sha256 sha512 do GEN_SIG="`gpg --print-md SHA256 ${RANGER_RELEASE_SOURCE}`" FILE_SIG="`cat ${RANGER_RELEASE_SOURCE}.sha256`" if [ "${GEN_SIG}x" != "${FILE_SIG}x" ] then echo "**** ERROR *****: Unable to validate ${SIG_ALGO} signature for ${RANGER_RELEASE_SOURCE}" else echo "+OK: validated ${SIG_ALGO} signature for ${RANGER_RELEASE_SOURCE}" fi unset GEN_SIG unset FILE_SIG done

   
   

10. Once the validations are complete, please VOTE via email - replying to the original VOTE request using the process described in Apache VOTING Process.
     

...