This document describes how to release the source version of Trafodion.
Prerequisites
Create keys needed to sign the release
Notify the community about the upcoming release
Preparing the artifacts
Prepare release notes
Verify Apache requirements are met
Create a release branch and notify community when branch is available
Create artifacts
Test artifacts
Stage the artifacts
Once all the artifacts have been created and tested, it is time to stage them. Upload the artifacts to the https://dist.apache.org/repos/dist/dev/incubator/trafodion directory.
- Make sure svn exists – can be downloaded from yum
- which svn
- svn --version (version 1.6.11 works)
- Create a directory to store the svn repositoy
- Checkout source code, this creates a directory called incubator
svn co https://dist.apache.org/repos/dist/dev/incubator - cd trafodion
- Create a new directory for the release: mkdir apache-trafodion-x.x.x-incubating
- cd <apache-trafodion-x.x.x-incubating>
- Copy the four files to the incubating directory.
- Make sure you do an svn add for the new directory and all four files
- Ask for a review of the changes
- Commit your changes
- svn status
- svn commit –m "message…"
- go to https://dist.apache.org/repos/dist/dev/incubator to see if your changes were committed
Verification
At this time, all the artifacts have been uploaded to the staging area.
Verify signatures:
Download all the artifacts from the staging area including:
apache-trafodion-x.x.x-incubating-src.tar.gz
apache-trafodion-x.x.x-incubating-src.tar.gz.asc
apache-trafodion-x.x.x-incubating-src.tar.gz.md5
apache-trafodion-x.x.x-incubating-src.tar.gz.sha
Check signatures and checksums
For apache-trafodion-x.x.x-incubating-src.tar.gz.asc, do:
gpg apache-trafodion-x.x.x-incubating-src.tar.gz.asc
expect:
gpg: Signature made Tue 03 Nov 2015 12:59:10 AM UTC using RSA key ID A44C5A05
gpg: Can't check signature: No public keyextract public key from key ID returned above
gpg --keyserver pgpkeys.mit.edu --recv-key A44C5A05
expect:
gpg: requesting key A44C5A05 from hkp server pgpkeys.mit.edu
gpg: /home/centos/.gnupg/trustdb.gpg: trustdb created
gpg: key A44C5A05: public key "Roberta Marton (CODE SIGNING KEY) <rmarton@apache.org>" importedgpg --verify apache-trafodion-x.x.x-incubating-src.tar.gz.asc
expect:
gpg: Signature made <date> using RSA key ID A44C5A05
gpg: Good signature from "Roberta Marton (CODE SIGNING KEY) <rmarton@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
For apache-trafodion-x.x.x-incugating-src.tar.gz.md5, do:
md5sum -c apache-trafodion-x.x.x-incubating-src.tar.gz.md5
expect: apache-trafodion-x.x.x-incubating-src.tar.gz: OK
For apache-trafodion-x.x.x-incubating-x.x.x-incubating-src.tar.gz.sha, do:
sha1sum -c apache-trafodion-x.x.x-incubating-src.tar.gz.sha
expect: apache-trafodion-x.x.x-incubating-src.tar.gz: OK
Verify the source tree
- Make a test directory: mkdir trafodion_prep; cd trafodion_prep
- untar the file to the new directory: tar –xvf apache-trafodion-x.x.x-incubating-src.tar.gz
- Check out the tagged version from git
- Compare the checked out version with the trafodion_prep directory, they should match. Suggestion - use the bcompare file compare report feature.
Verify Apache requirements
- Make sure that the high level directory contains: DISCLAIMER, NOTICE, LICENSE, README
- Run rat to make sure all files have Apache copyrights
Complete the release
Under construction