Skip to content

Instantly share code, notes, and snippets.

@myui

myui/hivemall_verify.md

Last active December 3, 2019 06:32
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save myui/4ef7b8a5d8d85529f083a42c0daa3869 to your computer and use it in GitHub Desktop.
Save myui/4ef7b8a5d8d85529f083a42c0daa3869 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
hivemall_verify.md

Followed this document for release verification.

Install required softwares

brew install gpg gpg-agent pinentry-mac
brew install maven md5sha1sum

Import GPG KEYS for verification

wget https://dist.apache.org/repos/dist/dev/incubator/hivemall/KEYS
gpg --import KEYS

Download all release artifacts

VERSION=0.6.0
RC_NUMBER=1

wget -e robots=off --no-check-certificate \
 -r -np --reject=html,txt,tmp -nH --cut-dirs=5 \
 https://dist.apache.org/repos/dist/dev/incubator/hivemall/${VERSION}-incubating-rc${RC_NUMBER}

Verify SHA512, and GPG signatures.

cd ${VERSION}-incubating-rc${RC_NUMBER}/

for f in `find . -type f -iname '*.sha512'`; do
  echo -n "Verifying ${f%.*} ... "
  shasum -a 512 ${f%.*} | cut -f1 -d' ' | diff -Bw - ${f}
  if [ $? -eq 0 ]; then
    echo 'Valid'
  else 
    echo "SHA512 is Invalid: ${f}" >&2
    exit 1
  fi  
done
echo
for f in `find . -type f -iname '*.asc'`; do
  gpg --verify ${f}
  if [ $? -eq 0 ]; then
    echo "GPG signature is correct: ${f%.*}"
  else
    echo "GPG signature is Invalid: ${f%.*}" >&2
	exit 1
  fi
  echo
done

Build, Test, and Verify source

Note this is optional step.

unzip hivemall-${VERSION}-incubating-source-release.zip
cd hivemall-${VERSION}-incubating

# workaround for Maven sign-release-artifacts plugin
export GPG_TTY=$(tty)

# JDK 8 is required for packaging
export JAVA_HOME=`/usr/libexec/java_home -v 1.8`

# Try to create artifacts
export MAVEN_OPTS=-XX:MaxMetaspaceSize=256m

# (Optional) Workaround for SSL error `Received fatal alert: protocol_version`
export MAVEN_OPTS="$MAVEN_OPTS -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2"

# (Optional) Workaround for Surefire error:
# Could not find or load main class org.apache.maven.surefire.booter.ForkedBooter
export _JAVA_OPTIONS="-Djdk.net.URLClassPath.disableClassPathURLCheck=true"

# Try to create artifacts
# RAT license check and unit tests will be issued
mvn -Papache-release clean install

# Verify Signatures of Release Artifacts
cd target/
for file in `find . -type f -iname '*.asc'`; do
  gpg --verify ${file}
done

Note that License check is automatically invoked in mvn -Papache-release clean install.

mvn apache-rat:check
mvn license:check
@myui
Copy link
Author

myui commented Dec 3, 2019
edited

Find binary files:

find . -type f |  perl -lne 'print if -B' | grep -vE '\.png$|\.ttf$|\.ico$|\.woff|\.woff$|\.gitkeep$|\.otf$|\.eot$'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment