Files

Mingyu Chen 486a0586ac [community] modify the doc of verifying apache release (#8084 )

2022-02-17 10:53:31 +08:00

3.3 KiB

Raw Blame History

title, language

title	language
Verify Apache Release	en

Verify Apache Release

To verify the release, following checklist can used to reference:

Download links are valid.
Checksums and PGP signatures are valid.
DISCLAIMER or DISCLAIMER-WIP is included.
Source code artifacts have correct names matching the current release.
LICENSE and NOTICE files are correct for the repository.
All files have license headers if necessary.
No compiled archives bundled in source archive.
Building is OK.

1. Download source package, signature file, hash file and KEYS

Download all artifacts, take a.b.c-incubating as an example:

wget https://www.apache.org/dyn/mirrors/mirrors.cgi?action=download&filename=/incubator/doris/a.b.c-incubating/apache-doris-a.b.c-incubating-src.tar.gz

wget https://www.apache.org/dist/incubator/doris/a.b.c-incubating/apache-doris-a.b.c-incubating-src.tar.gz.sha512

wget https://www.apache.org/dist/incubator/doris/a.b.c-incubating/apache-doris-a.b.c-incubating-src.tar.gz.asc

wget https://www.apache.org/dist/incubator/doris/KEYS

2. Verify signature and hash

GnuPG is recommended, which can install by yum install gnupg or apt-get install gnupg.

Here we use Doris main code release as an example. Other releases are similar.

gpg --import KEYS
gpg --verify apache-doris-a.b.c-incubating-src.tar.gz.asc apache-doris-a.b.c-incubating-src.tar.gz
sha512sum --check apache-doris-a.b.c-incubating-src.tar.gz.sha512

3. Verify license header

Here we use apache/skywalking-eyes for source license header validation.

Go to the source directory and execute the following command (requires a Docker environment).

docker run -it --rm -v $(pwd):/github/workspace apache/skywalking-eyes header check

The output is similar to the following:

INFO GITHUB_TOKEN is not set, license-eye won't comment on the pull request
INFO Loading configuration from file: .licenserc.yaml
INFO Totally checked 5611 files, valid: 3926, invalid: 0, ignored: 1685, fixed: 0

where an invalid of 0 means the check passed.

Some non-Apache License header files are documented in .licenserc.yaml.

4. Verify building

For Doris main code compilation, see compilation documentation
Flink Doris Connector compilation, see compilation documentation
Spark Doris Connector compilation, see compilation documentation

3.3 KiB Raw Blame History