Skip to main content

How to Verify Release Candidate

Download the release candidate

release_version is the upcoming version number, such as 1.4.0; rc_version is the Release Candidate, such as RC0, RC1...; KEY_ID is the GPG Key ID you created.

svn co https://dist.apache.org/repos/dist/dev/inlong/${release_version}-${rc_version}/

verify the version

Check whether the release package is complete

  • Whether to include the source package
  • Whether to include the signature and sha512 of the source package
  • If a binary package is uploaded, the signature and sha512 are also checked

Check the GPG signature

  • Import public key
# Download KEYS
curl https://downloads.apache.org/inlong/KEYS > KEYS
# Import KEYS to local
gpg --import KEYS
  • trust the public key Replace THE_KEY_USED with the KEY used for this version.
# After execution, enter trust -> 5(I trust ultimately) -> Y(Yes) -> quit
gpg --edit-key THE_KEY_USED
  • Check the signature using the following command
cd ${release_version}-${rc_version}
for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i; done
note

If the keyword Good signature appears, the signature is correct.

Check the file content of the source package

Unzip apache-inlong-${release_version}-src.tar.gz and check the following:

  • Whether the LICENSE and NOTICE file exists and whether the content is correct
  • Whether all files have an ASF License header
  • Whether the source code can be compiled normally
  • Whether the single test can run through
note

You can check the compilation and UTs through mvn clean package install -DskipTests && mvn test. If the compilation fails, clean up the local repository first.

Check binary packages

Unzip apache-inlong-${release_version}-bin.tar.gz, and the Sort Connector corresponding to your Flink version, then check the following:

  • Whether the LICENSE and NOTICE file exists and whether the content is correct
  • Whether the normal deployment is successful
  • Deploy the test environment and verify whether the production and consumption can run normally
  • Verify what you think might be going wrong

Reply the email

If the verification is passed, you can refer to the following template for email replies.

+1 from me, and I checked the following items:
- [X] Download links are valid.
- [X] Checksums and PGP signatures are valid.
- [X] Source code artifacts have correct names matching the current release.
- [X] LICENSE and NOTICE files are correct for the repository.
- [X] All files have license headers if necessary.
- [X] No compiled archives bundled in the source archive.
- [X] Building is OK.