Followed this document for release verification.
brew install gpg gpg-agent pinentry-mac
brew install maven md5sha1sum
wget https://dist.apache.org/repos/dist/dev/incubator/hivemall/KEYS
gpg --import KEYS
VERSION=0.6.0
RC_NUMBER=1
wget -e robots=off --no-check-certificate \
-r -np --reject=html,txt,tmp -nH --cut-dirs=5 \
https://dist.apache.org/repos/dist/dev/incubator/hivemall/${VERSION}-incubating-rc${RC_NUMBER}
cd ${VERSION}-incubating-rc${RC_NUMBER}/
for f in `find . -type f -iname '*.sha512'`; do
echo -n "Verifying ${f%.*} ... "
shasum -a 512 ${f%.*} | cut -f1 -d' ' | diff -Bw - ${f}
if [ $? -eq 0 ]; then
echo 'Valid'
else
echo "SHA512 is Invalid: ${f}" >&2
exit 1
fi
done
echo
for f in `find . -type f -iname '*.asc'`; do
gpg --verify ${f}
if [ $? -eq 0 ]; then
echo "GPG signature is correct: ${f%.*}"
else
echo "GPG signature is Invalid: ${f%.*}" >&2
exit 1
fi
echo
done
Note this is optional step.
unzip hivemall-${VERSION}-incubating-source-release.zip
cd hivemall-${VERSION}-incubating
# workaround for Maven sign-release-artifacts plugin
export GPG_TTY=$(tty)
# JDK 8 is required for packaging
export JAVA_HOME=`/usr/libexec/java_home -v 1.8`
# Try to create artifacts
export MAVEN_OPTS=-XX:MaxMetaspaceSize=256m
# (Optional) Workaround for SSL error `Received fatal alert: protocol_version`
export MAVEN_OPTS="$MAVEN_OPTS -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2"
# (Optional) Workaround for Surefire error:
# Could not find or load main class org.apache.maven.surefire.booter.ForkedBooter
export _JAVA_OPTIONS="-Djdk.net.URLClassPath.disableClassPathURLCheck=true"
# Try to create artifacts
# RAT license check and unit tests will be issued
mvn -Papache-release clean install
# Verify Signatures of Release Artifacts
cd target/
for file in `find . -type f -iname '*.asc'`; do
gpg --verify ${file}
done
Note that License check is automatically invoked in mvn -Papache-release clean install
.
mvn apache-rat:check
mvn license:check
Find binary files: