Thank you Adam, I am sharing my notes that I have generated with your support:
Step 1,2, 3 now have passed. ************VALIDATION STEPS************ Step 1 keys=https://dist.apache.org/repos/dist/dev/fineract/KEYS curl $keys | gpg --import version=1.12.1 svn checkout https://dist.apache.org/repos/dist/dev/fineract/$version/ cd $version gpg --print-md SHA512 "apache-fineract-$version-src.tar.gz" | diff - "apache-fineract-$version-src.tar.gz.sha512" gpg --verify "apache-fineract-$version-src.tar.gz.asc" gpg --print-md SHA512 "apache-fineract-$version-binary.tar.gz" | diff - "apache-fineract-$version-binary.tar.gz.sha512" gpg --verify "apache-fineract-$version-binary.tar.gz.asc" Look for "Good signature from..." messages from gpg, and ignore a warning like "This key is not certified...". See below for details. Step 2 tar -xzf "apache-fineract-$version-src.tar.gz" cd "apache-fineract-src-$version" ./gradlew build -x test -x doc cd .. That should succeed and you should find binary and source tarballs in fineract-war/build/distributions/ . See below for details. Step 3 Before running this you must start a database server and ensure the fineract_default and fineract_tenant databases exist. Then: tar -xzf "apache-fineract-$version-binary.tar.gz" cd "apache-fineract-binary-$version" cat << 'EndOfRcenv' >> rcenv FINERACT_SERVER_SSL_ENABLED=false FINERACT_SERVER_PORT=8080 BACKEND_PROTOCOL=http BACKEND_PORT=$FINERACT_SERVER_PORT EndOfRcenv docker run --rm -it -v "$(pwd):/usr/local/tomcat/webapps" --net=host --env-file=rcenv tomcat:jre17 cd .. At that point http://localhost:8080/fineract-provider/actuator/health should work and you should be able to make API calls against http://localhost:8080/fineract-provider/api/v1 . ********************** Now I am testing the functionality, I will come back ASAP. Best regards Victor Romero El jue, 24 jul 2025 a las 11:52, Adam Monsen (<meonk...@apache.org>) escribió: > Victor wrote: > > I have followed these steps, step 2 and step 3 are OK. Step 1 (signature > is not passing). > > Ok! Victor, thank you for exercising your right to vote, and especially > for showing your work! This is super useful. Looks like there are a couple > things going wrong, one of which is because the validation steps are > slightly different than the ones I used for the previous release. Sorry > about that! You'll also need my PGP key. I'll explain. > > *First*: The .sha512 files are in a different format. I wish gpg used the > same format as the sha512sum tool, but anyway, that's why checksum > verification is failing. So just make sure you're doing something more like > this: > > gpg --print-md SHA512 $src | diff - $src.sha512 > > *Second*: You'll need to import my public key for signature verification. > It's in our KEYS file (which recently changed), so you can do: > > keys=https://dist.apache.org/repos/dist/dev/fineract/KEYS > curl $keys | gpg --import > > (That's OK to run and re-run.) > > Or you can fetch & import my public key from a public key server using > your favorite tool, e.g.: > > gpg --receive-keys 0xA9A14F22F57DA182 > > (You may need to specify the key server as keyserver.ubuntu.com or > keys.openpgp.org, I forget where all I uploaded it) > > If you still get errors or warnings during checksum or signature > verification please let me know -- I'd like to improve my instructions for > next time. > > Also see this thread on key hygiene > <https://lists.apache.org/thread/7wq9moshw1hfndycodfnzy8ndocpwoy7> ... > ideally we build and maintain our web of trust directly with each other, > especially whenever we gather. We have the tools, we have the talent! I'll > host the keysigning party. > > -- > Adam Monsen > Software Engineer ~ Mifos Initiative > Apache Fineract Release Manager > >
