apex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vrozov <...@git.apache.org>
Subject [GitHub] incubator-apex-site pull request: APEXCORE-215 #comment Added Apac...
Date Tue, 16 Feb 2016 19:18:26 GMT
Github user vrozov commented on a diff in the pull request:

    https://github.com/apache/incubator-apex-site/pull/11#discussion_r53062507
  
    --- Diff: src/md/verification.md ---
    @@ -0,0 +1,88 @@
    +# How to verify Apache Apex (incubating) release candidate builds
    +
    +## Prerequisites
    +1. *gpg* program should be installed on your system.
    +2. Download the KEYS file and import it. This is one time activity.
    +```bash
    +wget https://dist.apache.org/repos/dist/release/incubator/apex/KEYS
    +gpg --import KEYS
    +```
    +3. You can also created your own key which is required if you would like to sign the
build. This step is optional.
    +```bash
    +gpg --gen-key
    +```
    +Please provide 4096 as keysize while generating the key.
    +
    +## File integrity check
    +Download all files present in staging directory of the RC build. Staging directory link
is shared in VOTE thread of the release candidate.
    +
    +```bash
    +wget -r -np -nd <staging-area-link>/
    +```
    +Note the link should end with "/".
    +
    +Define the apex release candidate variable. We will set it up *apex-3.3.0-incubating*
as an example.
    +```bash
    +APEX_RELEASE_CANDIDATE=apex-3.3.0-incubating
    +```
    +
    +Verify integrity of tar.gz file:
    +```bash
    +gpg --verify $APEX_RELEASE_CANDIDATE-source-release.tar.gz.asc
    +md5sum --check $APEX_RELEASE_CANDIDATE-source-release.tar.gz.md5
    +sha512sum --check $APEX_RELEASE_CANDIDATE-source-release.tar.gz.sha
    +```
    +
    +Verify integrity of .zip file:
    +```bash
    +gpg --verify $APEX_RELEASE_CANDIDATE-source-release.zip.asc
    +md5sum --check $APEX_RELEASE_CANDIDATE-source-release.zip.md5
    +sha512sum --check $APEX_RELEASE_CANDIDATE-source-release.zip.sha
    +```
    +## Source code verification
    +You can extract source either using .tar.gz file or .zip file.
    +
    +### Using .tar.gz source
    +Extract source using .tar.gz:
    +```bash
    +tar -zxvf $APEX_RELEASE_CANDIDATE-source-release.tar.gz
    +```
    +### Using .zip source
    +```bash
    +unzip $APEX_RELEASE_CANDIDATE-source-release.zip
    +```
    +
    +Any of the two commands above will create a directory named after *apex release candidate*.
    +
    +### Check for compilation, license headers, etc.
    +
    +The last step is optional and needs prerequisite 3 given above. 
    +```bash
    +cd $APEX_RELEASE_CANDIDATE
    +mvn clean apache-rat:check verify -Dlicense.skip=false -Pall-modules verify -Papache-release
package
    --- End diff --
    
    Is it necessary to have multiple verify and package goal? Will it be sufficient to have
only one of them?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message