It would be really nice to have all the release steps and procedures as part of our Geode release page for future reference. I really mean a step-by-step list of commands and/or configuration files that's needed.
@Nitin, are you planning to include these (and maybe other steps) there ? I can help but I'd think that someone "overseeing" the process will have a better way to organize it there. Happy to help in anyway. On Wed, Jan 13, 2016 at 10:20 AM, Anthony Baker <[email protected]> wrote: > Ok, I’ve pushed a few changes onto the release/1.0.0-incubating.M1 branch: > > 1) KEYS file is present (GEODE-776) > 2) md5 / sha256 hashes are generated for distributions (GEODE-775) > 3) artifacts and distributions for release builds are signed (GEODE-775) > 4) generate sources / javadoc jars for maven publishing (GEODE-777) > 5) fix for building source from non-git directory (GEODE-778) > > To build on a release branch (where the version does not end with > -SNAPSHOT) you will need to set these properties in > ~/.gradle/gradle.properties: > > signing.keyId= > signing.password= > signing.secretKeyRingFile= > > One thing I noticed is that the publish target (`gradle publish`) only > uploads jars/poms for these projects: > > - gemfire-common > - gemfire-core > - gemfire-json > - gemfire-joptsimple > - gemfire-lucene > > and does not consider signature files, sources, or javadoc jars. GEODE-27 > discusses a related issue of fixing the dependencies / repositories listed > in the pom files. > > Anthony > > > > On Jan 11, 2016, at 8:52 PM, Nitin Lamba <[email protected]> wrote: > > > > Thanks Anthony > > > > Roman, thanks for your offer to help with PGP, I'm sure we'll need it > soon :) > > > > As a follow-up, I've created the JIRA (GEODE-776) to add the KEYS file. > Will create mine shortly and comment. > > > > Best, > > Nitin > > > > ________________________________________ > > From: [email protected] <[email protected]> on behalf of Roman > Shaposhnik <[email protected]> > > Sent: Monday, January 11, 2016 8:09 PM > > To: [email protected] > > Subject: Re: releaseType? > > > > Seems like our emails have crossed. At this point you need to > > assemble a few trusted keys (yours, Nitin's, Mark's and perhaps > > a few other folks' as the minimum set) into a single key file and > > make it available in SVN tree that manages ASF releases. > > > > I suggest opening a GEODE jira asking folks to share their keys > > specially designed to sign release as comments in that JIRA. > > Note that it is best to have an identity bound to our kye clearly > > designated as a release management key. E.g.: > > https://dist.apache.org/repos/dist/release/bigtop/KEYS > > > > pub 1024D/9475BD5D 2010-10-08 > > uid Roman V Shaposhnik (CODE SIGNING KEY) < > [email protected]> > > sig 3 9475BD5D 2011-11-01 Roman V Shaposhnik (CODE SIGNING > > KEY) <[email protected]> > > > > Thanks, > > Roman. > > > > P.S. I'm kind of a crypto geek in my prior life so please let me know > > if more background on how to manange release signing keys would > > be useful to you > > > > On Mon, Jan 11, 2016 at 7:44 PM, Anthony Baker <[email protected]> > wrote: > >> Here’s my key but I’m not sure if it is sufficiently trusted yet: > >> > >> > http://pgp.surfnet.nl/pks/lookup?op=vindex&search=abaker%40apache.org&fingerprint=on > >> > >> Anthony > >> > >> > >> On Jan 11, 2016, at 6:54 PM, Nitin Lamba <[email protected]> wrote: > >> > >> Great! > >> > >> If we're good with the latest versions of NOTICE and LICENSE files, > we're > >> about done with the src artifacts ready for review by ASF elders. > >> > >> The next step is code-signing and needs a few committers to have their > PGP > >> signatures uploaded on a public key server [1]. More details on release > >> signing here [2], [3]. Is anyone from Geode PMC already in the 'web of > >> trust'? I do see Roman on the list. > >> > >> - Nitin > >> > >> [1] https://people.apache.org/committers.html > >> [2] http://www.apache.org/dev/release-signing.html#link-into-wot > >> [3] http://www.apache.org/dev/openpgp.html#wot > >> > > -- William Markito Oliveira -- For questions about Apache Geode, please write to *[email protected] <[email protected]>*
