Hello Apache NiFi community,
Thanks for your interest in helping to vote on a release candidate. First it is a good idea to review http://nifi.apache.org/release-guide.html. This page provides important background material to understand the mechanics and meaning of a release. It explains how things like +1, -1, 0, binding, and non binding votes work. With the above in mind lets dive right into the main steps in reviewing a release candidate of Apache NiFi (note the steps for NiFi Registry, MiNiFi, etc.. may differ).
Please find the associated guidance to help those interested in validating/verifying the release so they can vote.
Download latest KEYS file
wget https://dist.apache.org/repos/dist/dev/nifi/KEYS
wget for Windows can be found here.
Import keys file
gpg --import KEYS
On Windows cmder includes gpg.
[optional] Clear out local maven artifact repository
rm -rf ~/.m2/repository/*
Pull down nifi-1.20.0 source release artifacts for review
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.20.0/nifi-1.20.0-source-release.zip
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.20.0/nifi-1.20.0-source-release.zip.asc
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.20.0/nifi-1.20.0-source-release.zip.sha256
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-1.20.0/nifi-1.20.0-source-release.zip.sha512
Verify the signature
gpg --verify -v nifi-1.20.0-source-release.zip.asc
Verify the hashes (sha256, sha512) match the source and what was provided in the vote email thread
shasum -a 256 nifi-1.20.0-source-release.zip
shasum -a 512 nifi-1.20.0-source-release.zip
On Windowscertutil -hashfile nifi-1.20.0-source-release.zip SHA256
certutil -hashfile nifi-1.20.0-source-release.zip SHA512
Unzip nifi-1.20.0-source-release.zip
unzip nifi-1.20.0-source-release.zip
Verify the build works including release audit tool (RAT) checks
cd nifi-1.20.0
mvn -T 1C clean install -Pcontrib-check
Further checks:
- Verify the contents contain a good README, NOTICE, and LICENSE.
- Verify the git commit ID is correct
- Verify the RC was branched off the correct git commit ID
- Look at the resulting convenience binaries as found in:
- nifi-assembly/target
- nifi-registry/nifi-registry-assembly/target
- nifi-toolkit/nifi-toolkit-assembly/target
- minifi/minifi-assembly/target
- Make sure the README, NOTICE, and LICENSE are present and correct
- Run the resulting convenience binary and make sure it works as expected
- Send a response to the vote thread indicating a +1, 0, -1 based on your findings.
Thank you for your time and effort to validate the release!