Return-Path: X-Original-To: apmail-apex-dev-archive@minotaur.apache.org Delivered-To: apmail-apex-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D1D3C18B1A for ; Tue, 16 Feb 2016 19:18:31 +0000 (UTC) Received: (qmail 16509 invoked by uid 500); 16 Feb 2016 19:18:31 -0000 Delivered-To: apmail-apex-dev-archive@apex.apache.org Received: (qmail 16444 invoked by uid 500); 16 Feb 2016 19:18:31 -0000 Mailing-List: contact dev-help@apex.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@apex.incubator.apache.org Delivered-To: mailing list dev@apex.incubator.apache.org Received: (qmail 16428 invoked by uid 99); 16 Feb 2016 19:18:31 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 16 Feb 2016 19:18:31 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id EAA5918067E for ; Tue, 16 Feb 2016 19:18:30 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -4.349 X-Spam-Level: X-Spam-Status: No, score=-4.349 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.329] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id sQkk2JNcl_iW for ; Tue, 16 Feb 2016 19:18:28 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with SMTP id CA97A5FAF3 for ; Tue, 16 Feb 2016 19:18:27 +0000 (UTC) Received: (qmail 16404 invoked by uid 99); 16 Feb 2016 19:18:26 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 16 Feb 2016 19:18:26 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id D2DB5E020D; Tue, 16 Feb 2016 19:18:26 +0000 (UTC) From: vrozov To: dev@apex.incubator.apache.org Reply-To: dev@apex.incubator.apache.org References: In-Reply-To: Subject: [GitHub] incubator-apex-site pull request: APEXCORE-215 #comment Added Apac... Content-Type: text/plain Message-Id: <20160216191826.D2DB5E020D@git1-us-west.apache.org> Date: Tue, 16 Feb 2016 19:18:26 +0000 (UTC) Github user vrozov commented on a diff in the pull request: https://github.com/apache/incubator-apex-site/pull/11#discussion_r53062507 --- Diff: src/md/verification.md --- @@ -0,0 +1,88 @@ +# How to verify Apache Apex (incubating) release candidate builds + +## Prerequisites +1. *gpg* program should be installed on your system. +2. Download the KEYS file and import it. This is one time activity. +```bash +wget https://dist.apache.org/repos/dist/release/incubator/apex/KEYS +gpg --import KEYS +``` +3. You can also created your own key which is required if you would like to sign the build. This step is optional. +```bash +gpg --gen-key +``` +Please provide 4096 as keysize while generating the key. + +## File integrity check +Download all files present in staging directory of the RC build. Staging directory link is shared in VOTE thread of the release candidate. + +```bash +wget -r -np -nd / +``` +Note the link should end with "/". + +Define the apex release candidate variable. We will set it up *apex-3.3.0-incubating* as an example. +```bash +APEX_RELEASE_CANDIDATE=apex-3.3.0-incubating +``` + +Verify integrity of tar.gz file: +```bash +gpg --verify $APEX_RELEASE_CANDIDATE-source-release.tar.gz.asc +md5sum --check $APEX_RELEASE_CANDIDATE-source-release.tar.gz.md5 +sha512sum --check $APEX_RELEASE_CANDIDATE-source-release.tar.gz.sha +``` + +Verify integrity of .zip file: +```bash +gpg --verify $APEX_RELEASE_CANDIDATE-source-release.zip.asc +md5sum --check $APEX_RELEASE_CANDIDATE-source-release.zip.md5 +sha512sum --check $APEX_RELEASE_CANDIDATE-source-release.zip.sha +``` +## Source code verification +You can extract source either using .tar.gz file or .zip file. + +### Using .tar.gz source +Extract source using .tar.gz: +```bash +tar -zxvf $APEX_RELEASE_CANDIDATE-source-release.tar.gz +``` +### Using .zip source +```bash +unzip $APEX_RELEASE_CANDIDATE-source-release.zip +``` + +Any of the two commands above will create a directory named after *apex release candidate*. + +### Check for compilation, license headers, etc. + +The last step is optional and needs prerequisite 3 given above. +```bash +cd $APEX_RELEASE_CANDIDATE +mvn clean apache-rat:check verify -Dlicense.skip=false -Pall-modules verify -Papache-release package --- End diff -- Is it necessary to have multiple verify and package goal? Will it be sufficient to have only one of them? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastructure@apache.org or file a JIRA ticket with INFRA. ---