Really sorry for the confusion here Joe.

The standalone files provided should be:

.zip - source file
.asc - GPG signature
.md5 - MD5 checksum
.sha1 - SHA1 checksum
.sha256 - SHA256 checksum

Your GPG signature should internally use SHA512/SHA384/SHA256 as the hashing 
algorithm.

Andy LoPresto
alopre...@apache.org
alopresto.apa...@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Oct 17, 2016, at 12:06 PM, Joe Skora <jsk...@apache.org> wrote:
> 
> Hello Apache NiFi community,
> 
> Please find the associated guidance to help those interested in
> validating/verifying the release so they can vote.
> 
> # Download latest KEYS file:
> https://dist.apache.org/repos/dist/dev/nifi/KEYS
> 
> # Import keys file:
> gpg --import KEYS
> 
> # [optional] Clear out local maven artifact repository
> 
> # Pull down nifi-0.7.1 source release artifacts for review:
> 
> wget
> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.7.1/nifi-0.7.1-source-release.zip
> wget
> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.7.1/nifi-0.7.1-source-release.zip.asc
> wget
> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.7.1/nifi-0.7.1-source-release.zip.md5
> wget
> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.7.1/nifi-0.7.1-source-release.zip.sha384
> wget
> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.7.1/nifi-0.7.1-source-release.zip.sha512
> 
> # Verify the signature
> gpg --verify nifi-0.7.1-source-release.zip.asc
> 
> # Verify the hashes (md5, sha384, sha512) match the source and what was
> provided in the vote email thread
> md5sum nifi-0.7.1-source-release.zip
> sha384sum nifi-0.7.1-source-release.zip
> sha512sum nifi-0.7.1-source-release.zip
> 
> # Unzip nifi-0.7.1-source-release.zip
> 
> # Verify the build works including release audit tool (RAT) checks
> cd nifi-0.7.1
> mvn clean install -Pcontrib-check
> 
> # Verify the contents contain a good README, NOTICE, and LICENSE.
> 
> # Verify the git commit ID is correct
> 
> # Verify the RC was branched off the correct git commit ID
> 
> # Look at the resulting convenience binary as found in nifi-assembly/target
> 
> # Make sure the README, NOTICE, and LICENSE are present and correct
> 
> # Run the resulting convenience binary and make sure it works as expected
> 
> # Send a response to the vote thread indicating a +1, 0, -1 based on your
> findings.
> 
> Thank you for your time and effort to validate the release!

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Reply via email to