Google Git
Sign in
apache / incubator-retired-pirk / refs/heads/asf-site / . / verifying_releases.html
blob: 54dc5fc45a96513b4635a0c0e5714fff44216015 [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="/css/bootstrap.min.css" rel="stylesheet">
<link href="/css/bootstrap-theme.min.css" rel="stylesheet">
<link href="/css/dataTables.bootstrap.css" rel="stylesheet">
<link href="/css/pirk.css" rel="stylesheet" type="text/css">
<link href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" rel="stylesheet">
<title>Verifying a Release</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
<script src="/js/bootstrap.min.js"></script>
<script src="/js/jquery.dataTables.min.js"></script>
<script src="/js/dataTables.bootstrap.js"></script>
<script>
// show location of canonical site if not currently on the canonical site
$(function() {
var host = window.location.host;
if (typeof host !== 'undefined' && host !== 'pirk.incubator.apache.org') {
$('#non-canonical').show();
}
});
// decorate menu with currently navigated page
$(function() {
$("#nav_verify_release").addClass("active");
});
$(function() {
// decorate section headers with anchors
return $("h2, h3, h4, h5, h6").each(function(i, el) {
var $el, icon, id;
$el = $(el);
id = $el.attr('id');
icon = '<i class="fa fa-link"></i>';
if (id) {
return $el.append($("<a />").addClass("header-link").attr("href", "#" + id).html(icon));
}
});
});
// configure Google Analytics
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-81114308-1', 'auto');
ga('send', 'pageview');
</script>
</head>
<body style="padding-top: 100px">
<nav class="navbar navbar-default navbar-fixed-top">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navbar-items">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/"><img id="nav-logo" alt="Apache Pirk" class="img-responsive" src="/images/pirkImage.png" width="150"/></a>
</div>
<div class="collapse navbar-collapse" id="navbar-items">
<ul class="nav navbar-nav">
<li class="nav-link"><a href="/downloads">Download</a></li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">Documentation<span class="caret"></span></a>
<ul class="dropdown-menu">
<li id="nav_users"><a href="/for_users">For Users</a></li>
<li id="nav_developers"><a href="/for_developers">For Developers</a></li>
<li id="nav_developers"><a href="/cloud_instructions">Cloud instructions</a></li>
<li id="nav_papers"><a href="/papers">Papers &amp Presentations</a></li>
<li class="nav_faq"><a href="/faq">FAQ</a></li>
<li class="divider"></li>
<li><a href="/javadocs">Javadocs</a></li>
</ul>
</li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">Community<span class="caret"></span></a>
<ul class="dropdown-menu">
<li id="nav_getinvolvedpirk"><a href="/get_involved_pirk">Get Involved</a></li>
<li id="nav_listspirk"><a href="/mailing_list_pirk">Mailing Lists</a></li>
<li id="nav_peoplepirk"><a href="/people_pirk">People</a></li>
</ul>
</li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">Development<span class="caret"></span></a>
<ul class="dropdown-menu">
<li id="nav_releasing"><a href="/how_to_contribute">How to Contribute</a></li>
<li id="nav_releasing"><a href="/releasing">Making Releases</a></li>
<li id="nav_nav_verify_release"><a href="/verifying_releases">Verifying Releases</a></li>
<li id="nav_update_website"><a href="/website_updates">Website Updates</a></li>
<hr>
<li><a href="https://issues.apache.org/jira/browse/PIRK ">Issue Tracker/JIRA <i class="fa fa-external-link"></i></a></li>
<li><a href="https://builds.apache.org/job/pirk/">Jenkins Builds <i class="fa fa-external-link"></i></a></li>
<li><a href="https://travis-ci.org/apache/incubator-pirk">Travis CI Builds <i class="fa fa-external-link"></i></a></li>
<li><a href="https://github.com/apache/incubator-pirk"> Pirk Github Mirror <i class="fa fa-external-link"></i></a></li>
</ul>
</li>
<li class="nav-link"><a href="/roadmap">Roadmap</a></li>
<ul class="nav navbar-nav navbar-right">
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">Apache Software Foundation<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="https://www.apache.org">Apache Homepage <i class="fa fa-external-link"></i></a></li>
<li><a href="https://www.apache.org/licenses/LICENSE-2.0">License <i class="fa fa-external-link"></i></a></li>
<li><a href="https://www.apache.org/foundation/sponsorship">Sponsorship <i class="fa fa-external-link"></i></a></li>
<li><a href="https://www.apache.org/security">Security <i class="fa fa-external-link"></i></a></li>
<li><a href="https://www.apache.org/foundation/thanks">Thanks <i class="fa fa-external-link"></i></a></li>
<li><a href="https://www.apache.org/foundation/policies/conduct">Code of Conduct <i class="fa fa-external-link"></i></a></li>
</ul>
</li>
</ul>
</ul>
</div>
</div>
</nav>
<div class="container">
<div class="row">
<div class="col-md-12">
<div id="content">
<h1 class="title">Verifying a Release</h1>
<p>This guide for the verification of a release candidate is meant to encapsulate
the requirements of the PMC set forth by the ASF.</p>
<p>Verification of a release candidate can be broken down into three categories.</p>
<h2 id="pirk-correctness">Pirk Correctness</h2>
<p>Pirk contains unit and integration tests which can be automatically run via Maven. These tests can be invoked by issues the following commands:</p>
<div class="highlighter-rouge"><pre class="highlight"><code>$ mvn verify
</code></pre>
</div>
<p>Additionally, Pirk contains multiple distributed tests which must be run and must pass on a live cluster:</p>
<div class="highlighter-rouge"><pre class="highlight"><code>hadoop jar &lt;pirkJar&gt; org.apache.pirk.test.distributed.DistributedTestDriver -j &lt;full path to pirkJar&gt;
</code></pre>
</div>
<h2 id="foundation-level-requirements">Foundation Level Requirements</h2>
<p>The ASF requires that all artifacts in a release are cryptographically signed and distributed with hashes.</p>
<p>OpenPGP is an asymmetric encryption scheme which lends itself well to the globally distributed nature of Apache.
Verification of a release artifact can be done using the signature and the release-maker’s public key. Hashes
can be verified using the appropriate command (e.g. <code class="highlighter-rouge">sha1sum</code>, <code class="highlighter-rouge">md5sum</code>).</p>
<p>An Apache release must contain a source-only artifact. This is the official release artifact. While a release of
an Apache project can contain other artifacts that do contain binary files. These non-source artifacts are for
user convenience only, but still must adhere to the same licensing rules.</p>
<p>PMC members should take steps to verify that the source-only artifact does not contain any binary files. There is
some leeway in this rule. For example, test-only binary artifacts (such as test files or jars) are acceptable as long
as they are only used for testing the software and not running it.</p>
<p>The following are the aforementioned Foundation-level documents provided for reference:</p>
<ul>
<li><a href="https://www.apache.org/dev/apply-license">Applying the Apache Software License</a></li>
<li><a href="https://www.apache.org/legal/src-headers">Legal’s license application guidelines</a></li>
<li><a href="https://www.apache.org/legal/resolved">Common legal-discuss mailing list questions/resolutions</a></li>
<li><a href="https://www.apache.org/legal">ASF Legal Affairs Page</a></li>
</ul>
<h2 id="apache-software-license-application">Apache Software License Application</h2>
<p>Application of the Apache Software License v2 consists of the following steps on each artifact in a release. It’s
important to remember that for artifacts that contain other artifacts (e.g. a tarball that contains JAR files or
an RPM which contains JAR files), both the tarball, RPM and JAR files are subject to the following roles.</p>
<p>The difficulty in verifying each artifact is that, often times, each artifact requires a different LICENSE and NOTICE
file.</p>
<h3 id="license-file">LICENSE file</h3>
<p>The LICENSE file should be present at the top-level of the artifact. This file should be explicitly named <code class="highlighter-rouge">LICENSE</code>,
however <code class="highlighter-rouge">LICENSE.txt</code> is acceptable but not preferred. This file contains the text of the Apache Software License
at the top of the file. At the bottom of the file, all other open source licenses <em>contained in the given
artifact</em> must be listed at the bottom of the LICENSE file. Contained components that are licensed with the ASL themselves
do not need to be included in this file. It is common to see inclusions in file such as the MIT License of 3-clause
BSD License.</p>
<h3 id="notice-file">NOTICE file</h3>
<p>The NOTICE file should be present at the top-level of the artifact beside the LICENSE file. This file should be explicitly
name <code class="highlighter-rouge">NOTICE</code>, while <code class="highlighter-rouge">NOTICE.txt</code> is also acceptable but not preferred. This file contains the copyright notice for
the artifact being released. As a reminder, the copyright is held by the Apache Software Foundation, not the individual
project.</p>
<p>The second purpose this file serves is to distribute third-party notices from dependent software. Specifically, other code
which is licensed with the ASLv2 may also contain a NOTICE file. If such an artifact which contains a NOTICE file is
contained in artifact being verified for releases, the contents of the contained artifact’s NOTICE file should be appended
to this artifact’s NOTICE file.</p>
</div>
<footer>
<p><a href="https://www.apache.org"><img src="/images/feather-small.gif" alt="Apache Software Foundation" id="asf-logo" height="100" /></a></p>
<p>Copyright © 2016-2016 The Apache Software Foundation. Licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
</footer>
</div>
</div>
</div>
</body>
</html>