kevinw66 commented on code in PR #212: URL: https://github.com/apache/bigtop-manager/pull/212#discussion_r2049832681
########## docs/en/release.md: ########## @@ -0,0 +1,353 @@ +# Release +This document is written based on the release of Bigtop Manager 1.0.0. + +## Prepare +If this is your first release, you need to do the following preparation work. + +### GPG Key +The GPG key is used to sign your code during the release stage. You can check [Signing Releases](https://infra.apache.org/release-signing.html) or follow the instructions below to create your GPG key information. + +#### Download the Software +Download and install the GPG software package from the [official website](https://www.gnupg.org/download/index.html). It is recommended to download the latest version. The following example is written based on version `2.4.7`. + +#### Create the Key +```shell +$ gpg --full-gen-key + +gpg (GnuPG) 2.4.7; Copyright (C) 2024 g10 Code GmbH +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +# Choose key info. Just fill in 1/4096/0/y in order. +Please select what kind of key you want: + (1) RSA and RSA + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) + (9) ECC (sign and encrypt) *default* + (10) ECC (sign only) + (14) Existing key from card +Your selection? 1 +RSA keys may be between 1024 and 4096 bits long. +What keysize do you want? (3072) 4096 +Requested keysize is 4096 bits +Please specify how long the key should be valid. + 0 = key does not expire + <n> = key expires in n days + <n>w = key expires in n weeks + <n>m = key expires in n months + <n>y = key expires in n years +Key is valid for? (0) 0 +Key does not expire at all +Is this correct? (y/N) y + +# Fill in your personal information. It is recommended to fill in your Apache account information and then enter O to confirm. +GnuPG needs to construct a user ID to identify your key. + +Real name: Zhiguo Wu +Email address: wuzhi...@apache.org +Comment: CODE SIGNING KEY +You selected this USER-ID: + "Zhiguo Wu (CODE SIGNING KEY) <wuzhi...@apache.org>" + +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O + +We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. + +# The key is successfully created. Please save it properly. +gpg: directory '/Users/wuzhiguo/.gnupg/openpgp-revocs.d' created +gpg: revocation certificate stored as '/Users/wuzhiguo/.gnupg/openpgp-revocs.d/D3D5CF25076873C9AA068C0D8F062A5450E25685.rev' +public and secret key created and signed. + +pub rsa4096 2023-02-21 [SC] + D3D5CF25076873C9AA068C0D8F062A5450E25685 +uid [ultimate] Zhiguo Wu (CODE SIGNING KEY) <wuzhi...@apache.org> +sub rsa4096 2023-02-21 [E] +``` + +#### View the Key +```shell +$ gpg --list-keys + +gpg: checking the trustdb +gpg: marginals needed: 3 completes needed: 1 trust model: pgp +gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u +[keyboxd] +--------- +pub rsa4096 2023-02-21 [SC] + D3D5CF25076873C9AA068C0D8F062A5450E25685 +uid [ultimate] Zhiguo Wu (CODE SIGNING KEY) <wuzhi...@apache.org> +sub rsa4096 2023-02-21 [E] +``` + +#### Upload the Key +Visit the [public server](http://keyserver.ubuntu.com/) to upload the key or run the following command to upload it: +```shell +$ gpg --keyserver keyserver.ubuntu.com --send-key D3D5CF25076873C9AA068C0D8F062A5450E25685 +``` + +#### View the Key +Visit the [public server](http://keyserver.ubuntu.com/) to search for your key or run the following command to view the upload result: +```shell +$ gpg --keyserver keyserver.ubuntu.com --search-keys D3D5CF25076873C9AA068C0D8F062A5450E25685 +``` + +### SVN +Apache uses SVN to manage release packages. + +#### Pull the Directory +```bash +$ mkdir -p ~/apache/dev +$ mkdir -p ~/apache/release +$ cd ~/apache/dev +$ svn co https://dist.apache.org/repos/dist/dev/bigtop +$ cd ~/apache/release +$ svn co https://dist.apache.org/repos/dist/release/bigtop +``` + +#### Upload the Key +Please note to change the name below to the one you used when generating the key: +```bash +$ cd ~/apache/release/bigtop +$ (gpg --list-sigs Zhiguo Wu && gpg --armor --export Zhiguo Wu) >> KEYS +$ svn commit -m "Adding Zhiguo Wu's code signing key" +``` + +## Start the Release +### Release Notes +Since the project is managed by `Apache Jira`, you can easily obtain the corresponding release notes. +* Go to the [Bigtop Jira](https://issues.apache.org/jira/projects/BIGTOP) page. +* Click the `Release` menu on the left. Review Comment: @sekikn Just updated! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@bigtop.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
