You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »


Preliminaries

Apache Release Documentation

Code Signing Key

Create a code signing gpg key for release signing; use <your Apache ID>@apache.org for your primary ID for the code signing key. See the Apache Release Signing documentation for further information.

Ensure JIRA Issues are Appropriately Tagged for the Release 

Ensure that all HAWQ JIRA issues that are addressed in this release are marked with the release version in the ‘FixVersion’ field of the issue.

 

Creating and Validating the Release Candidate

  • Build is successful (Refer to Build and Install for build instructions)
  • DISCLAIMER is correct, filenames include “incubating”
  • LICENSE and NOTICE files are correct and dependency licenses are acceptable
  • All source files have license headers where appropriate, RAT checks pass
    • Additional check:
      • pom.xml (For artifactId "hawq", verify version is consistent with the version specified in getversion file in the root directory).
  • The provenance of all source files is clear (ASF or software grants)
  • Create the Release Candidate
  • Sign the Release Candidate
  • Verify the Release Candidate signatures
  • Commit artifacts to the Apache dist site 


Create the Release Candidate

Prepare Tarballs

Send email to dev@madlib.incubator.apache.org for instructions on how to do this.

Prepare rpm and dmg binaries

Send email to dev@madlib.incubator.apache.org for instructions on how to do this.


Sign the Release Candidate

Check that md5, shasum, and gpg (or gpg2) are installed on your machine:

$ which gpg shasum md5
/usr/local/bin/gpg
/usr/bin/shasum
/sbin/md5

Install using Hombrew (on Mac OS) if needed e.g.:

$ brew install gnupg
==> Downloading ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.19.tar.bz2
######################################################################## 100.0%
==> ./configure --disable-silent-rules --prefix=/usr/local/Cellar/gnupg/1.4.19 --disable-asm
==> make
==> make check
==> make install

    /usr/local/Cellar/gnupg/1.4.19: 53 files, 5.4M, built in 87 seconds
office-4-125:release_manager_stuff rraghu$ which gpg
/usr/local/bin/gpg

 

Prepare MD5, SHA256 and ASC files from the source tarball and binaries:

md5 <your release tarball or binary> > <your release tarball or binary>.md5
shasum -a 512 <your release tarball or binary> > <your release tarball or binary>.sha512
gpg --detach-sign -a <your release tarball or binary>

Example:

$ md5 apache-madlib-1.11-incubating-src.tar.gz > apache-madlib-1.11-incubating-src.tar.gz.md5
$ shasum -a 512 apache-madlib-1.11-incubating-src.tar.gz > apache-madlib-1.11-incubating-src.tar.gz.sha512
$ gpg --detach-sign -a apache-madlib-1.11-incubating-src.tar.gz

You need a passphrase to unlock the secret key for
user: "Rashmi Raghu (CODE SIGNING KEY) <rashmiraghu@apache.org>"
4096-bit RSA key, ID 28D2C789, created 2017-05-01

 

$ ls -la

-rw-r--r--@ 1 rraghu staff 9961787 May 1 13:55 apache-madlib-1.11-incubating-bin-Darwin.dmg
-rw-r--r-- 1 rraghu staff 819 May 1 14:29 apache-madlib-1.11-incubating-bin-Darwin.dmg.asc
-rw-r--r-- 1 rraghu staff 86 May 1 14:27 apache-madlib-1.11-incubating-bin-Darwin.dmg.md5
-rw-r--r-- 1 rraghu staff 175 May 1 14:28 apache-madlib-1.11-incubating-bin-Darwin.dmg.sha512
-rw-r--r--@ 1 rraghu staff 3868116 May 1 13:55 apache-madlib-1.11-incubating-bin-Linux-GPDB5alpha1.rpm
-rw-r--r-- 1 rraghu staff 819 May 1 14:48 apache-madlib-1.11-incubating-bin-Linux-GPDB5alpha1.rpm.asc
-rw-r--r-- 1 rraghu staff 97 May 1 14:46 apache-madlib-1.11-incubating-bin-Linux-GPDB5alpha1.rpm.md5
-rw-r--r-- 1 rraghu staff 186 May 1 14:47 apache-madlib-1.11-incubating-bin-Linux-GPDB5alpha1.rpm.sha512
-rw-r--r--@ 1 rraghu staff 18527053 May 1 13:55 apache-madlib-1.11-incubating-bin-Linux.rpm
-rw-r--r-- 1 rraghu staff 819 May 1 14:43 apache-madlib-1.11-incubating-bin-Linux.rpm.asc
-rw-r--r-- 1 rraghu staff 85 May 1 14:41 apache-madlib-1.11-incubating-bin-Linux.rpm.md5
-rw-r--r-- 1 rraghu staff 174 May 1 14:41 apache-madlib-1.11-incubating-bin-Linux.rpm.sha512
-rw-r--r--@ 1 rraghu staff 2474217 May 1 13:56 apache-madlib-1.11-incubating-src.tar.gz
-rw-r--r-- 1 rraghu staff 819 May 1 14:45 apache-madlib-1.11-incubating-src.tar.gz.asc
-rw-r--r-- 1 rraghu staff 82 May 1 14:44 apache-madlib-1.11-incubating-src.tar.gz.md5
-rw-r--r-- 1 rraghu staff 171 May 1 14:45 apache-madlib-1.11-incubating-src.tar.gz.sha512

 

Validate the Release Candidate 

As per the Apache documentation, verify that the release candidate artifacts satisfy the following:

  • PGP signatures and SHA256/MD4 checksum verification

Example (performed on Mac OS):

$ brew install gpg coreutils

$ which gpg gsha512sum gmd5sum
/usr/local/bin/gpg
/usr/local/bin/gsha512sum
/usr/local/bin/gmd5sum

$ gpg --verify apache-madlib-1.11-incubating-bin-Linux.rpm.asc
gpg: assuming signed data in `apache-madlib-1.11-incubating-bin-Linux.rpm'
gpg: Signature made Mon May 1 14:42:16 2017 PDT using RSA key ID 28D2C789
gpg: Good signature from "Rashmi Raghu (CODE SIGNING KEY) <rashmiraghu@apache.org>"
office-4-125:madlib-v1dot11-artifacts rraghu$
office-4-125:madlib-v1dot11-artifacts rraghu$ gsha512sum --check apache-madlib-1.11-incubating-bin-Linux.rpm.sha512
apache-madlib-1.11-incubating-bin-Linux.rpm: OK
office-4-125:madlib-v1dot11-artifacts rraghu$ gmd5sum --check apache-madlib-1.11-incubating-bin-Linux.rpm.md5
apache-madlib-1.11-incubating-bin-Linux.rpm: OK

 

Commit artifacts to Apache dist site:

 

 

Vote on the Release

General information regarding the Apache voting process can be found here.

Apache HAWQ Community Vote 

Incubator PMC Vote



Publishing and Distributing Release


Announce the Release

General Apache information regarding announcing a release may be found here.

 

Miscellaneous

 

  • No labels