For a detailed checklist, please refer to the official checklist.

Download the release candidate to your local environment. Verification relies on the gpg tool; if it is not installed, installing gpg2 is recommended.

:::caution Note
If the network is poor, downloading may be time-consuming. The download normally completes in about 20 minutes; please wait patiently.
:::

```shell
# If svn is available locally, you can check out to the local environment
$ svn co https://dist.apache.org/repos/dist/dev/linkis/${release_version}-${rc_version}/
# or download the material file directly
$ wget https://dist.apache.org/repos/dist/dev/linkis/${release_version}-${rc_version}/xxx.xxx
```
Start the verification process, which includes but is not limited to the following content and forms
The package uploaded to dist must include the source code package, and the binary package is optional
First import the publisher's public key. Import KEYS from the svn repository to the local environment. (The person who releases the version does not need to import it again; the people who help with the verification need to import it. The user name of the person who issued the version is enough.)

```shell
$ curl https://downloads.apache.org/linkis/KEYS > KEYS # Download KEYS
$ gpg --import KEYS # Import KEYS to local
```
Trust the KEY used in this version
```shell
$ gpg --edit-key xxxxxxxxxx # KEY user used in this version
gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

gpg> trust # trust

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5 # choose 5
Do you really want to set this key to ultimate trust? (y/N) y # choose y

gpg>
```

```shell
$ for i in *.tar.gz; do echo "$i"; gpg --verify "$i.asc" "$i"; done
# or
$ gpg --verify apache-linkis-${release_version}-src.tar.gz.asc apache-linkis-${release_version}-src.tar.gz
# If you upload a binary package, you also need to check whether the signature of the binary package is correct
$ gpg --verify apache-linkis-${release_version}-bin.tar.gz.asc apache-linkis-${release_version}-bin.tar.gz
```
check result
If something like the following appears, it means the signature is correct. Keyword: `Good signature`

```shell
apache-linkis-xxx-src.tar.gz
gpg: Signature made XXXX
gpg: using RSA key XXXXX
gpg: Good signature from "xxx @apache.org>"
```
After calculating the sha512 hash locally, verify that it is consistent with the dist. If you upload a binary package, you also need to check the sha512 hash of the binary package
macOS/Linux
```shell
$ for i in *.tar.gz; do echo "$i"; sha512sum --check "$i.sha512"; done
# or
$ sha512sum --check apache-linkis-${release_version}-src.tar.gz.sha512
# If you upload a binary package, you also need to check whether the sha512 hash of the binary package is correct
$ sha512sum --check apache-linkis-${release_version}-bin.tar.gz.sha512
```
Windows
```shell
$ certUtil -hashfile apache-linkis-${release_version}-xxx.tar.gz SHA512
# Compare the output content with the content of the apache-linkis-${release_version}-xxx.tar.gz.sha512 file
```
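
The signature and checksum checks above as one script, added here as an example (not part of the Linkis documentation or tooling). Because `gpg --verify` prints `Good signature` for any key present in the local keyring, the script reads gpg's machine-readable status output and compares the signer's fingerprint with the expected one; the function names and the fingerprint placeholder are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Linkis project code. Function names are illustrative.

# Read `gpg --status-fd` output on stdin. Succeed only if it reports a valid
# signature made by the key with fingerprint $1 and no bad/expired/revoked flag.
sig_status_ok() {
  want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  awk -v want="$want" '
    $1 != "[GNUPG:]" { next }
    $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
    # VALIDSIG: field 3 is the signing key fingerprint, the last field the
    # primary key fingerprint; accept a match on either.
    $2 == "VALIDSIG" && ($3 == want || $NF == want) { good = 1 }
    END { exit !(good && !bad) }
  '
}

# Check <file> against <file>.sha512 (sha512sum format) in the directory of <file>.
checksum_ok() {
  ( cd "$(dirname "$1")" && sha512sum -c "$(basename "$1").sha512" >/dev/null 2>&1 )
}

# Verify one artifact: $1 = path to tarball, $2 = expected signer fingerprint.
verify_artifact() {
  gpg --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null | sig_status_ok "$2" \
    || { echo "FAIL signature: $1" >&2; return 1; }
  checksum_ok "$1" || { echo "FAIL sha512: $1" >&2; return 1; }
  echo "OK: $1"
}

# Usage (fingerprint is a placeholder; take the real one from the KEYS file):
#   for f in *.tar.gz; do verify_artifact "$f" "<RELEASE_MANAGER_FINGERPRINT>"; done
```
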
Unzip apache-linkis-${release_version}-src.tar.gz
```shell
$ tar -xvf apache-linkis-${release_version}-src.tar.gz
$ cd apache-linkis-${release_version}-src
```
Mac OS/Linux
```shell
# normally can be executed within 5 minutes
$ ./mvnw -N install
$ ./mvnw apache-rat:check
# Check all rat files after no exception
$ find ./ -name rat.txt -print0 | xargs -0 -I file cat file > merged-rat.txt
```

Windows

```shell
# normally can be executed within 5 minutes
$ mvnw.cmd -N install
$ mvnw.cmd apache-rat:check
```

The whitelist for the rat check is configured in the apache-rat-plugin configuration in the outer pom.xml. Check all the license information in merged-rat.txt, and note whether the Binaries and Archives counts are 0.

```text
Notes: 0
Binaries: 0
Archives: 0
0 Unknown Licenses
```
Mac OS/Linux
```shell
$ ./mvnw -N install
# If the performance of the machine where the compilation is located is relatively poor, this process will be time-consuming, usually about 30min
$ ./mvnw clean install -Dmaven.javadoc.skip=true -Dmaven.test.skip=true
```

Windows

```shell
$ mvnw.cmd -N install
# If the performance of the machine where the compilation is located is relatively poor, this process will be time-consuming, usually about 30min
$ mvnw.cmd clean install -Dmaven.javadoc.skip=true -Dmaven.test.skip=true
```

This requires a Node.js environment. Node v16 is recommended.
First, install the packages:
npm install
Next, build the project:
npm run build
The console installation package `apache-linkis-${version}-web-bin.tar.gz` will be generated after the above command is successfully executed.

:::caution
1. An error occurred when running `npm install`:

```shell
Error: Can't find Python executable "python", you can set the PYTHON env variable
```

You can install windows-build-tools (this requires administrator privileges):

```shell
$ npm install --global --production windows-build-tools
```

Install node-gyp:

```shell
$ npm install --global node-gyp
```

2. If compilation fails, please clean up and re-execute as follows:

```shell
# Delete node_modules
$ rm -rf node_modules
# Delete package-lock.json
$ rm -rf package-lock.json
# Clean npm cache
$ npm cache clear --force
# Download packages again
$ npm install
```
:::
and check as follows:
incubating
LICENSE and NOTICE files
NOTICE file is correct

If the binary/web-binary package is uploaded, check the binary package.
Unzip apache-linkis-${release_version}-bin.tar.gz
```shell
$ mkdir apache-linkis-${release_version}-bin
$ tar -xvf apache-linkis-${release_version}-bin.tar.gz -C apache-linkis-${release_version}-bin
$ cd apache-linkis-${release_version}-bin
```
and check as follows:
LICENSE and NOTICE files
NOTICE file is correct
LICENSE file
NOTICE file, then these NOTICE files also need to be added to the version of the NOTICE file

You can refer to this article: ASF Third Party License Policy
If a release vote is initiated, you can refer to this response example to reply to the email after verification. When replying to the email, you must include the information that you have checked yourself. Simply replying `+1 approve` is invalid.

When PMC members vote on dev@linkis.apache.org in the Linkis community, please add the binding suffix to indicate that the vote is a binding vote in the Linkis community; this makes it convenient to count the voting results.
Non-PMC member
+1 (non-binding)
I checked:
1. All download links are valid
2. Checksum and signature are OK
3. LICENSE and NOTICE exist
4. Build successfully on macOS (Big Sur)
5.
PMC member
+1 (binding)
I checked:
1. All download links are valid
2. Checksum and signature are OK
3. LICENSE and NOTICE exist
4. Build successfully on macOS (Big Sur)
5.
mvnw is short for Maven Wrapper. It supports running Maven projects without installing Maven or configuring environment variables. If Maven cannot be found, it downloads the corresponding Maven version according to the configuration file.