I took your suggestion and got this: Only in nifi: .git
Only in nifi: .gitignore Only in temp/nifi-1.7.0/: DEPENDENCIES Only in nifi/nifi-nar-bundles/nifi-standard-services/nifi-kerberos-credentials-service-api: .gitignore Only in nifi/nifi-nar-bundles/nifi-standard-services/nifi-kerberos-credentials-service-bundle/nifi-kerberos-credentials-service: .gitignore Only in nifi/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services: .gitignore So that looks fine to me because I'd expect those to be excluded from an official source release that doesn't have the git artifacts (and I don't think DEPENDENCIES matters either unless I'm missing something) On Wed, Jun 20, 2018 at 10:11 AM Bryan Bende <bbe...@gmail.com> wrote: > Others may know a better way to do this, but the only way I know to > truly verify the commit id is something like the following: > > git clone https://git-wip-us.apache.org/repos/asf/nifi.git > git -C nifi checkout <commit id from vote email> > diff --brief -r <source dir from unzipped release artifacts> <clone > dir from above> > > For verifying the RC was branched off the correct git commit id, you > look at the branch that was used to create the RC... > > So looking at the commit from the release email shows the JIRA was > NIFI-5323 so there should be a branch like NIFI-5323-RC#: > > https://github.com/apache/nifi/commits/NIFI-5323-RC1 > > The "prepare" commit in there should line up with the commit > referenced in the vote email, and should also be the commit referenced > in the release tag: > > https://github.com/apache/nifi/commits/nifi-1.7.0-RC1 > > > On Wed, Jun 20, 2018 at 9:59 AM, Kevin Doran <kdoran.apa...@gmail.com> > wrote: > > > > > > > > > > > > > > > > Hi Mike, > > These values are in the VOTE email: > https://lists.apache.org/thread.html/d8bfef873317c5f681a5deb226d9dd9483aec56a7abc9a72090cb570@ > <dev.nifi.apache.org> > > Cheers,Kevin > > > > > > > > > > > > > > On Wed, Jun 20, 2018 at 6:55 AM -0700, "Mike Thomsen" < > mikerthom...@gmail.com> wrote: > > > > > > > > > > > > > > > > > > > > > > Do we store these values somewhere in the zip? > > > > # Verify the git commit ID is correct > > > > # Verify the RC was branched off the correct git commit ID > > > > On Wed, Jun 20, 2018 at 3:16 AM Andy LoPresto wrote: > > > >> Hello Apache NiFi community, > >> > >> Please find the associated guidance to help those interested in > >> validating/verifying the release so they can vote. > >> > >> # Download latest KEYS file: > >> https://dist.apache.org/repos/dist/dev/nifi/KEYS > >> > >> # Import keys file: > >> gpg --import KEYS > >> > >> # [optional] Clear out local maven artifact repository > >> > >> # Pull down nifi-1.7.0 source release artifacts for review: > >> wget > >> > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.7.0/nifi-1.7.0-source-release.zip > >> wget > >> > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.7.0/nifi-1.7.0-source-release.zip.asc > >> wget > >> > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.7.0/nifi-1.7.0-source-release.zip.sha1 > >> wget > >> > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.7.0/nifi-1.7.0-source-release.zip.sha256 > >> wget > >> > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.7.0/nifi-1.7.0-source-release.zip.sha512 > >> > >> # Verify the signature > >> gpg --verify nifi-1.7.0-source-release.zip.asc > >> > >> # Verify the hashes (sha1, sha256, sha512) match the source and what was > >> provided in the vote email thread > >> shasum -a 1 nifi-1.7.0-source-release.zip > >> shasum -a 256 nifi-1.7.0-source-release.zip > >> shasum -a 512 nifi-1.7.0-source-release.zip > >> > >> # Unzip nifi-1.7.0-source-release.zip > >> > >> # Verify the build works including release audit tool (RAT) checks > >> cd nifi-1.7.0 > >> mvn clean install -Pcontrib-check,include-grpc > >> > >> # Verify the contents contain a good README, NOTICE, and LICENSE. > >> > >> # Verify the git commit ID is correct > >> > >> # Verify the RC was branched off the correct git commit ID > >> > >> # Look at the resulting convenience binary as found in > nifi-assembly/target > >> > >> # Make sure the README, NOTICE, and LICENSE are present and correct > >> > >> # Run the resulting convenience binary and make sure it works as > expected > >> > >> # Send a response to the vote thread indicating a +1, 0, -1 based on > your > >> findings. > >> > >> Thank you for your time and effort to validate the release! > >> Andy LoPresto > >> alopre...@apache.org > >> *alopresto.apa...@gmail.com * > >> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > >> > >> > > > > > > > > > > >
