Michael, What's the plan for the PGP key distribution, or how do we get your key into the KEYS file?
Thanks, James On Sun, May 14, 2017 at 5:36 PM, Michael Moser <[email protected]> wrote: > Hello Apache NiFi community, > > Please find the associated guidance to help those interested in > validating/verifying the 0.7.3 release so they can vote. > > # Download latest KEYS file: > https://dist.apache.org/repos/dist/dev/nifi/KEYS > > # Download the key used to sign this release: > https://people.apache.org/keys/committer/mosermw.asc > > # Import keys file: > gpg --import KEYS > > # Import key used to sign this release: > gpg --import mosermw.asc > > # [optional] Clear out local maven artifact repository > > # Pull down nifi-0.7.3 source release artifacts for review: > wget https://repository.apache.org/content/repositories/ > orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > source-release.zip > wget https://repository.apache.org/content/repositories/ > orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > source-release.zip.asc > wget https://repository.apache.org/content/repositories/ > orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > source-release.zip.md5 > wget https://repository.apache.org/content/repositories/ > orgapachenifi-1105/org/apache/nifi/nifi/0.7.3/nifi-0.7.3- > source-release.zip.sha1 > > # Verify the signature > gpg --verify nifi-0.7.3-source-release.zip.asc > > # Verify the hashes (md5, sha1, sha256) match the source and what was > provided in the vote email thread > # NOTE: the repository does not have the > nifi-0.7.3-source-release.zip.sha256 file, please find that hash in > the vote email thread > md5sum nifi-0.7.3-source-release.zip > sha1sum nifi-0.7.3-source-release.zip > sha256sum nifi-0.7.3-source-release.zip > > # Unzip nifi-0.7.3-source-release.zip > > # Verify the build works including release audit tool (RAT) checks > cd nifi-0.7.3 > mvn clean install -Pcontrib-check > > # Verify the contents contain a good README, NOTICE, and LICENSE. > > # Verify the git commit ID is correct > > # Verify the RC was branched off the correct git commit ID > > # Look at the resulting convenience binary as found in nifi-assembly/target > > # Make sure the README, NOTICE, and LICENSE are present and correct > > # Run the resulting convenience binary and make sure it works as expected > > # Send a response to the vote thread indicating a +1, 0, -1 based on > your findings. > > Thank you for your time and effort to validate the release! >
