With some liberal borrowing from the Felix script Guillaume pointed us to, I've converted Jeremy's release verification instructions (http://aries.apache.org/development/verifyingrelease.html) into a shell script. This should make it *much* easier for PMC members to validate our releases - just point and go. The script is at https://svn.apache.org/repos/asf/aries/scripts/verify_staged_release.sh. I've tested on mac, and I believe it will also work on cygwin and linux, although I'd love to know if it doesn't.
It imports the Apache keys, downloads the staged artefacts, runs MD5 and SHA1 checks, verifies the signature, builds the source, and runs rat checks. A failure in any of those stages will give a FAIL message in the log which can be grepped for. Doing these steps should be sufficient to meet the Apache process and allow a PMC member to +1 a release in clear conscience. For example, to verify the current test support release candidate, just cut and paste: wget --no-check-certificate https://svn.apache.org/repos/asf/aries/scripts/verify_staged_release.sh chmod a+x verify_staged_release.sh ./verify_staged_release.sh 256 mytempdirectory &> verifyresults.txt grep FAIL verifyresults.txt To verify the small set of API bundles release candidate, cut and paste: wget --no-check-certificate https://svn.apache.org/repos/asf/aries/scripts/verify_staged_release.sh chmod a+x verify_staged_release.sh ./verify_staged_release.sh 269 mytempdirectory &> verifyresults.txt grep FAIL verifyresults.txt Feedback very welcome - hopefully this will make things easier for all of us. Holly
