- signatures and checksums match - source builds - apache rat passes +1
Below are the linux commands I used to verify the release of the cayenne-4.0.M2 files: ============================================= wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2-macosx.dmg wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2-macosx.dmg.asc wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2-macosx.dmg.md5 wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2-src.tar.gz wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2-src.tar.gz.asc wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2-src.tar.gz.md5 wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2-win.zip wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2-win.zip.asc wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2-win.zip.md5 wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2.tar.gz wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2.tar.gz.asc wget https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/cayenne-4.0.M2.tar.gz.md5 # check checksums ## made with gpg --print-md MD5 cayenne-X.X.tar.gz cat *.md5 | tr -d ' ' | awk 'BEGIN{OFS=" "; FS=":"} {tmp=$1;$1=$2;$2=tmp;print}' | md5sum -c # check signatures wget http://www.apache.org/dist/cayenne/KEYS gpg --import KEYS find . -name '*.asc' -exec gpg --verify {} \; # verify .tar.gz and -win.zip files are identical -- flawed process due to platform building differences mkdir src cd src tar xvf ../cayenne-4.0.M2.tar.gz mv cayenne-4.0.M2/ cayenne-4.0.M2-tar-gz unzip ../cayenne-4.0.M2-win.zip # should be no output # but windows and tar package are built with different java versions. ## differences in jars, pdfs, html resources, css, html, package-info between tar.gz and zip(win) diff -rq cayenne-4.0.M2* | grep -v "jar differ" | grep -v "html differ" | grep -v "pdf differ" | grep -v ".css differ" # should be "are identical" output diff -srq cayenne-4.0.M2* | grep -v "jar differ" | grep -v "html differ" | grep -v "pdf differ" | grep -v ".css differ" | grep -v "are identical" # unpack source tar xvzf ../cayenne-4.0.M2-src.tar.gz # build source cd cayenne-4.0.M2-src mvn install ## mvn apache-rat currently unused for cayenne # manually verify that there are no unknown or unapproved licensed files ./rat.sh ../../../apache-rat-0.9/apache-rat-0.9.jar ##mvn apache-rat:check # To check for all errors, if more than one project is affected # mvn apache-rat:check -Drat.numUnapprovedLicenses=9999 # To see details of rat failure # mvn -e -X apache-rat:check On Thu, Feb 26, 2015 at 4:41 AM, Alex Kolonitsky <akolonit...@objectstyle.com> wrote: > Hi All, > I've prepared 4.0.M2 artifacts for voting again, I hope this time everything > will be fine. > > Maven artifacts: > https://repository.apache.org/content/repositories/orgapachecayenne-1005 > <https://repository.apache.org/content/repositories/orgapachecayenne-1005> > Assemblies: https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/ > <https://dist.apache.org/repos/dist/dev/cayenne/4.0.M2/> > > Please evaluate and cast your votes. > > Regards, > Alex Kolonitsky.
