Thanks Joe. Sharpening our tools is always valuable and often forgotten/underappreciated. Your updates will be silently thanked by many in the future.
Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Oct 17, 2016, at 3:01 PM, Joe Skora <[email protected]> wrote: > > Sorry I misunderstood before, I think I've got it now. > > 1. I've added the SHA256 hashes. > 2. I've recreated the GPG signatures with the SHA512 algorithm. > 3. I will send a revised helper email referencing the standalone files as > you listed them. > > I see what happened with the signatures, I followed the steps in the shell > script on the Releasing NiFi > <https://cwiki.apache.org/confluence/display/NIFI/Releasing+NiFi > <https://cwiki.apache.org/confluence/display/NIFI/Releasing+NiFi>> wiki page > which does not specify the algorithm. The Release Guidelines > <http://nifi.apache.org/release-guide.html > <http://nifi.apache.org/release-guide.html>> page does specify the algorithm > but that page is harder to follow and I thought the wiki page was supposed > to be newer. > > So we have two sets of instructions that may give enough detail for someone > experienced with the release process, but neither of is complete or up to > date. There are at least a few references to old processes that I caught, > such as not specifying that the pushes should go to the ASF repository. > But it wasn't until I was gathering information for the vote email that I > realized they don't cover pushing the tag once it's created. > > Like I mentioned earlier, I'll try to get the details together an submit > updates for the release instructions this week. > > Thanks for the help and patience! :-D > > On Mon, Oct 17, 2016 at 4:09 PM, Andy LoPresto <[email protected] > <mailto:[email protected]>> wrote: > >> Really sorry for the confusion here Joe. >> >> The standalone files provided should be: >> >> .zip - source file >> .asc - GPG signature >> .md5 - MD5 checksum >> .sha1 - SHA1 checksum >> .sha256 - SHA256 checksum >> >> Your GPG signature should internally use SHA512/SHA384/SHA256 as the >> hashing algorithm. >> >> Andy LoPresto >> [email protected] >> *[email protected] <mailto:[email protected]> >> <[email protected] <mailto:[email protected]>>* >> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >> >> On Oct 17, 2016, at 12:06 PM, Joe Skora <[email protected]> wrote: >> >> Hello Apache NiFi community, >> >> Please find the associated guidance to help those interested in >> validating/verifying the release so they can vote. >> >> # Download latest KEYS file: >> https://dist.apache.org/repos/dist/dev/nifi/KEYS >> >> # Import keys file: >> gpg --import KEYS >> >> # [optional] Clear out local maven artifact repository >> >> # Pull down nifi-0.7.1 source release artifacts for review: >> >> wget >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.7.1/nifi- >> 0.7.1-source-release.zip >> wget >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.7.1/nifi- >> 0.7.1-source-release.zip.asc >> wget >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.7.1/nifi- >> 0.7.1-source-release.zip.md5 >> wget >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.7.1/nifi- >> 0.7.1-source-release.zip.sha384 >> wget >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.7.1/nifi- >> 0.7.1-source-release.zip.sha512 >> >> # Verify the signature >> gpg --verify nifi-0.7.1-source-release.zip.asc >> >> # Verify the hashes (md5, sha384, sha512) match the source and what was >> provided in the vote email thread >> md5sum nifi-0.7.1-source-release.zip >> sha384sum nifi-0.7.1-source-release.zip >> sha512sum nifi-0.7.1-source-release.zip >> >> # Unzip nifi-0.7.1-source-release.zip >> >> # Verify the build works including release audit tool (RAT) checks >> cd nifi-0.7.1 >> mvn clean install -Pcontrib-check >> >> # Verify the contents contain a good README, NOTICE, and LICENSE. >> >> # Verify the git commit ID is correct >> >> # Verify the RC was branched off the correct git commit ID >> >> # Look at the resulting convenience binary as found in nifi-assembly/target >> >> # Make sure the README, NOTICE, and LICENSE are present and correct >> >> # Run the resulting convenience binary and make sure it works as expected >> >> # Send a response to the vote thread indicating a +1, 0, -1 based on your >> findings. >> >> Thank you for your time and effort to validate the release!
signature.asc
Description: Message signed with OpenPGP using GPGMail
