release_version
is the upcoming version number, such as 1.4.0; rc_version
is the Release Candidate, such as RC0, RC1...; KEY_ID is the GPG Key ID you created.
svn co https://dist.apache.org/repos/dist/dev/inlong/${release_version}-${rc_version}/
# Download KEYS curl https://downloads.apache.org/inlong/KEYS > KEYS # Import KEYS to local gpg --import KEYS
THE_KEY_USED
with the KEY used for this version.# After execution, enter trust -> 5(I trust ultimately) -> Y(Yes) -> quit gpg --edit-key THE_KEY_USED
cd ${release_version}-${rc_version} for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i; done
:::note If the keyword Good signature
appears, the signature is correct. :::
Unzip apache-inlong-${release_version}-src.tar.gz
and check the following:
:::note You can check the compilation and unit test through mvn clean package install
. If the compilation fails, clean up the local warehouse first. :::
Unzip apache-inlong-${release_version}-bin.tar.gz
and apache-inlong-${release_version}-sort-connectors.tar.gz
and check the following:
If the verification is passed, you can refer to the following template for email replies.
+1 from me, and I checked the following items: - [X] Download links are valid. - [X] Checksums and PGP signatures are valid. - [X] Source code artifacts have correct names matching the current release. - [X] LICENSE and NOTICE files are correct for the repository. - [X] All files have license headers if necessary. - [X] No compiled archives bundled in the source archive. - [X] Building is OK.