Hello everyone,
We are proud to present Apache Fineract 1.12.1, with the artifacts below
up for a vote. Releases are important for a number of reasons: They put
a stamp of approval on a set of code changes and they build momentum for
future improvements.
1.12.1 is very similar to 1.12.0--we just had to fix some build and test
issues (thank you Ádám Sághy).
Release notes and ChangeLog
<https://cwiki.apache.org/confluence/display/FINERACT/1.12.1+-+Apache+Fineract>
(help still needed w/summary please)
Source and binary artifacts <https://adammonsen.com/tmp/1.12.1/> (yes,
this is the correct URL -- we are waiting for ASF infra to assist with
uploading the release to the staging area in subversion. That's OK, this
is why we have checksums and keys, so these files can be considered
immutable in a way any/all of us can verify)
Tagged as 1.12.1
Committer PGP keys, including the key I used to sign the release
<https://dist.apache.org/repos/dist/dev/fineract/KEYS> (note this KEYS
file is duplicated in the /release/ area, but that KEYS file is not yet
updated -- I need a PMC member to do this for me)
Note that this release contains source and binary artifacts.
This vote will be open for 72 hours:
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
Please indicate if you are a binding vote (member of the PMC).
Please also indicate with "Tested: YES/NO/PARTIAL" if you have locally
built and/or tested these artifacts and/or a clone of the code checked
out to the release commit, following the form:
Tested: YES ... Verified integrity and signatures of release artifacts
locally, built from source, ran jar/war: Did everything mentioned in the
current release candidate verification guidance ( see below ). If you
did more than that, please specify.
Tested: NO ... No testing performed on release candidate, e.g. relying
on testing performed by other contributors and/or output of GitHub
Actions, while exercising my right to vote.
Tested: PARTIAL ... Please specify.
Cheers,
Adam Monsen
ADDENDUM - release candidate verification guidance
Here's a recap of the rough steps to verify the rc (release candidate):
1. download the rc artifacts and verify their integrity
2. run a build using only the source tarball and the recommended JDK
3. start up a Fineract server using the war in the binary tarball
I'll give examples of these steps below. These are meant to be run
interactively, that is: Copy+pasted or manually typed in on your own
machine. The steps assume Bash shell on Linux (and a few common
utilities: gpg, diff, tar...) but are hopefully clear enough to use as
general guidance on other systems as well. If you're able to use Bash on
macOS or Windows these commands should work the same.
signatures and checksums
version=1.12.1
# source artifact signature and checksum verification steps
src=apache-fineract-$version-src.tar.gz
# upon success: prints "Good signature" and returns successful exit code
# upon failure: prints "BAD signature" and returns error exit code
gpg--verify $src.asc
# upon success: prints nothing and returns successful exit code
# upon failure: prints checksum differences and returns error exit code
gpg--print-md SHA512$src | diff - $src.sha512
# binary artifact signature and checksum verification steps and outputs
are similar
bin=apache-fineract-$version-binary.tar.gz
gpg--verify $bin.asc
gpg--print-md SHA512$bin | diff - $bin.sha512
build from source
tar -xzf $src
# note mismatch in exploded dir name!
cd apache-fineract-src-$version
# bare minimum build!
gradle build-x test -x doc
run from binary
Explode the binary tarball and run the jar with Java and/or run the war
with Tomcat.
Ensure http://localhost:8080/fineract-provider/actuator/health works and
that you are able to make API calls against
http://localhost:8080/fineract-provider/api/v1 .
