Hello Apache NiFi community,
Thanks for your interest in helping to vote on a release candidate. First it is a good idea to review http://nifi.apache.org/release-guide.html. This page provides important background material to understand the mechanics and meaning of a release. It explains how things like +1, -1, 0, binding, and non binding votes work. With the above in mind lets dive right into the main steps in reviewing a release candidate of Apache NiFi NAR Maven Plugin.
Please find the associated guidance to help those interested in validating/verifying the release so they can vote.
Download latest KEYS file
wget https://dist.apache.org/repos/dist/dev/nifi/KEYS
wget for Windows can be found here.
Import keys file
gpg --import KEYS
On Windows cmder includes gpg.
[optional] Clear out local maven artifact repository
rm -rf ~/.m2/repository/*
Pull down nifi-nar-maven-plugin-1.5.1 source release artifacts for review
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-nar-maven-plugin-1.5.1/nifi-nar-maven-plugin-1.5.1-source-release.zip
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-nar-maven-plugin-1.5.1/nifi-nar-maven-plugin-1.5.1-source-release.zip.asc
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-nar-maven-plugin-1.5.1/nifi-nar-maven-plugin-1.5.1-source-release.zip.sha256
wget https://dist.apache.org/repos/dist/dev/nifi/nifi-nar-maven-plugin-1.5.1/nifi-nar-maven-plugin-1.5.1-source-release.zip.sha512
Verify the signature
gpg --verify -v nifi-nar-maven-plugin-1.5.1-source-release.zip.asc
Verify the hashes (sha256, sha512) match the source and what was provided in the vote email thread
shasum -a 256 nifi-nar-maven-plugin-1.5.1-source-release.zip
shasum -a 512 nifi-nar-maven-plugin-1.5.1-source-release.zip
On Windowscertutil -hashfile nifi-nar-maven-plugin-1.5.1-source-release.zip SHA256
certutil -hashfile nifi-nar-maven-plugin-1.5.1-source-release.zip SHA512
Unzip nifi-nar-maven-plugin-1.5.1-source-release.zip
unzip -DD nifi-nar-maven-plugin-1.5.1-source-release.zip
Verify the build works. Release audit tool (RAT) check is included
cd nifi-nar-maven-plugin-1.5.1
mvn -T 1C clean install
Further checks:
- Verify the contents contain a good README, NOTICE, and LICENSE.
- Verify the git commit ID is correct
- Verify the RC was branched off the correct git commit ID
- Verify that NiFi can build NARs correctly using the plugin:
- Update NiFi's root pom to use version 1.5.1 of the plugin: https://github.com/apache/nifi/blob/main/pom.xml#L101
- Perform a build of NiFi, optionally clear out local .m2 repo mvn clean install
- Ensure that NiFi starts and loads all processors, controller services, and reporting tasks
- Spot check a few NARs to ensure they include META-INF/docs/extension-manifest.xml
- cp NIFI_HOME/lib/nifi-xyz-bundle.nar /tmp
- cd /tmp unzip nifi-xyz-bundle.nar
- cat META-INF/docs/extension-manifest.xml
- Send a response to the vote thread indicating a +1, 0, -1 based on your findings.
Thank you for your time and effort to validate the release!