Testing a Source Release

Gerben edited this page Jul 14, 2021 · 16 revisions

Apache Annotator (incubating) follows Apache Software Foundation policy[1] for releases. This page documents the process for testing releases.

Obtaining a Release Candidate

Create a directory to store the files and set it as the current working directory:

$ mkdir /tmp/annotator
$ cd /tmp/annotator

Download the release candidate tarball and its associated signatures and checksums:

$ curl -O https://dist.apache.org/repos/dist/dev/incubator/annotator/source/X.Y.Z/rc.N/apache-annotator-X.Y.Z-rc.N-incubating.tar.gz
$ curl -O https://dist.apache.org/repos/dist/dev/incubator/annotator/source/X.Y.Z/rc.N/apache-annotator-X.Y.Z-rc.N-incubating.tar.gz.asc
$ curl -O https://dist.apache.org/repos/dist/dev/incubator/annotator/source/X.Y.Z/rc.N/apache-annotator-X.Y.Z-rc.N-incubating.tar.gz.sha256
$ curl -O https://dist.apache.org/repos/dist/dev/incubator/annotator/source/X.Y.Z/rc.N/apache-annotator-X.Y.Z-rc.N-incubating.tar.gz.sha512

Any other download tool of your choice, such as wget, can be used in place of cURL.

Verifying the Authenticity of a Release Candidate

Release managers sign the releases and publish PGP public keys for verifying the signatures. Import the keys into the local keychain:

$ curl -L https://apache.org/dist/incubator/annotator/KEYS | gpg --import -

Verify the release signature:

$ gpg --verify apache-annotator-*.tar.gz.asc

The output of this command should say that the signature is good and list the name, email address, and key of the release manager. If anything looks incorrect, please notify the mailing list. The release managers are aware that their keys are not strongly connected to a web of trust and are working to resolve that in the future.

Verify the release checksums:

$ sha256sum --check apache-annotator-*.tar.gz.sha256
$ sha512sum --check apache-annotator-*.tar.gz.sha512
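
The signature and checksum steps above combined into one script, added here as an example (it is not part of the project's documentation or tooling). Instead of relying on a reading of gpg's human-oriented output, it parses the `--status-fd` lines and requires a valid signature from one specific fingerprint, which you copy from the KEYS file. The function names, the sample fingerprint and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not project code. Run from the directory holding the
# downloaded files:
#   sh verify-rc.sh <tarball> <fingerprint: 40 uppercase hex digits, no spaces>

# Reads `gpg --status-fd` lines on stdin. Succeeds only when a VALIDSIG line
# carries the expected fingerprint (signing key in field 3, primary key in the
# last field) and gpg reported no bad, erroneous, expired-key or revoked-key
# signature.
sig_status_ok() {
  awk -v want="$1" '
    $1 != "[GNUPG:]" { next }
    $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
    $2 == "VALIDSIG" && ($3 == want || $NF == want) { good = 1 }
    END { exit !(good && !bad) }'
}

# Signature first, then both checksum files; stops at the first failure.
verify_candidate() {
  tarball=$1
  fpr=$2
  gpg --status-fd 1 --verify "$tarball.asc" "$tarball" 2>/dev/null |
    sig_status_ok "$fpr" || { echo "signature check failed" >&2; return 1; }
  sha256sum --check "$tarball.sha256" &&
    sha512sum --check "$tarball.sha512"
}

# Constructed status output for a dry run; fingerprint and key ID are placeholders.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Manager <rm@example.invalid>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2021-07-14 1626220800 0 4 0 1 10 00 $SAMPLE_FPR"

if [ "$#" -eq 2 ]; then
  verify_candidate "$1" "$2"
fi
```

A "good signature" from gpg only means the signature matches some key in the local keyring, so pinning the fingerprint is what ties the result to the release manager listed in KEYS.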

Verifying the Contents of a Release Candidate

The Apache Annotator (incubating) project distributes release tarballs that are shallow clones of the git source control repository, making it easy to verify that the release contents contain the correct code.

Unpack the tarball and change the current working directory to be that of the unpacked source:

$ tar xzf apache-annotator-X.Y.Z-rc.N-incubating.tar.gz
$ cd apache-annotator-X.Y.Z-incubating

Check that the remote repository is correctly configured:

$ git remote show origin

The output should show the repository as https://github.com/apache/incubator-annotator.git and a single, local branch tracking a remote branch of the same name. Both branches should be named for the minor version of the release, e.g. "vX.Y.x".

Fetch the full history of the release candidate tag:

$ git fetch --unshallow origin tag vX.Y.Z-rc.N

Check that the current commit is correctly tagged:

$ git describe

The output should say "vX.Y.Z-rc.N" exactly, with no additional suffixes.

Check that the working directory is clean, containing only the files under version control:

$ git status --ignored

The output should include "nothing to commit, working tree clean".

Verifying the Correctness of the Source Release

Source releases should build and pass all automated tests:

$ make check

Inspect the output for any errors or failures and bring any issues to the mailing list.

Verifying the License Notifications of the Source Release

Releases should include LICENSE and NOTICE files that follow the conventions of Apache Software Foundation projects. As the project is still under incubation, releases should also contain a DISCLAIMER-WIP file. Despite the work-in-progress disclaimer, it is the intention of the project to fully adhere to Apache Software Foundation policy.

Help ensure that the project is adhering to policy by using the Apache Rat[2] tool to check license headers (adjust the path to the Apache Rat jar file as appropriate):

$ java -jar ~/.local/share/apache-rat-0.13.jar -E .ratignore -d .

Raise any issues or questions on the mailing list.

Finishing Up

Delete the /tmp/annotator directory to remove all files that result from following these instructions. Submit your vote on the mailing list thread to approve or disapprove of the release. Voting participation is greatly appreciated by the community.
