Log4PHP Releaseplan

A. Infrastructure Setup (one time)

A.1 Get Familiar with Maven

Reading the Maven documentation is a good start - Releasing A Maven Project.

A.2 Signature Keys

You need to sign the released artifact using your PGP key which implies

you generated one
it is uploaded to a key server
it is signed on a key signing party
it is found in the KEY file (see http://svn.apache.org/repos/asf/incubator/log4php/meta)

B. Create the tag

Before starting this process shout a Code Freeze message at the developers list
make a clean checkout of the trunks sourcecode: svn checkout https://svn.apache.org/repos/asf/incubator/log4php/trunk log4php-release-trunk
run: mvn -Dusername=<your user> release:prepare -DdryRun to test the preparation
If something went wrong, you can clean up with: mvn release:clean
run: mvn -Dusername=<your user> -Dpassword=<your password> release:prepare to prepare the release. This should create a tag in SVN
Note: if the build fails with the message revision xyz not found, just rerun the prepare goal.
End code freeze with a short message to the developers list

Note: it's not good to provide a password directly but at the moment I didn't found another way. Any comments to improve this, please let us know on the mailinglist.

C. Create the binaries

make a clean checkout of the tags sourcecode: svn checkout https://svn.apache.org/repos/asf/incubator/log4php/tags/apache-log4php-2.0.0 log4php-release-tag
Create the site: mvn site
Create the assemblies (assembly is dependent to site): mvn assembly:assembly
cd target
ls should show at least:
1. Apache_log4php-2.0.0-incubating-pear.tgz
2. apache-log4php-2.0.0-incubating-src.tar.gz
3. apache-log4php-2.0.0-incubating-src.zip

D. Create checksums

You need to sign your binaries. On a Mac, you can do this with:

md5 -r Apache_log4php-2.0.0-incubating-pear.tgz > Apache_log4php-2.0.0-incubating-pear.tgz.md5
md5 -r apache-log4php-2.0.0-incubating-src.tar.gz > apache-log4php-2.0.0-incubating-src.tar.gz.md5
md5 -r apache-log4php-2.0.0-incubating-src.zip > apache-log4php-2.0.0-incubating-src.zip.md5

On Linux you can use md5sum:

md5sum -b Apache_log4php-2.0.0-incubating-pear.tgz > Apache_log4php-2.0.0-incubating-pear.tgz.md5
md5sum -b apache-log4php-2.0.0-incubating-src.tar.gz > apache-log4php-2.0.0-incubating-src.tar.gz.md5
md5sum -b apache-log4php-2.0.0-incubating-src.zip > apache-log4php-2.0.0-incubating-src.zip.md5

E. Sign your binaries

Sign your binaries. You can do this with gpg, which is available for both systems, mac and linux. The key for signing needs to be placed in: https://svn.apache.org/repos/asf/incubator/log4php/meta/KEYS

gpg --armor --output apache-log4php-2.0.0-incubating-src.tar.gz.asc --detach-sig apache-log4php-2.0.0-incubating-src.tar.gz
gpg --armor --output apache-log4php-2.0.0-incubating-src.zip.asc --detach-sig apache-log4php-2.0.0-incubating-src.zip
gpg --armor --output Apache_log4php-2.0.0-incubating-pear.tgz.asc --detach-sig Apache_log4php-2.0.0-incubating-pear.tgz

F. Upload to staging server

Upload the following to the appropriate directories on people.apache.org. Make sure, the folder has the correct release candidate number. If a vote fails and the package needs to be recreated, the RC number increases

all the release distributions
the detached signature files (.asc) for these releases
the md5 sums (.md5) for these releases

The files should be accessible like:

Please follow these steps:

Tar all necessary artifacts: tar cf release.tar Apache_log4php-2.0.0-incubating-pear.tgz* apache-log4php-2.0.0*
Gunzip the release.tar: gzip release.tar
Copy the release to the log4php folder: scp release.tar.gz <you>@people.apache.org:/builds/logging/log4php
Login to the people server
Change to <you>@minotaur:/builds/logging/log4php
mkdir 2.0.0
mkdir 2.0.0/RC1
mv release.tar.gz 2.0.0/RC1/
cd 2.0.0/RC1
gunzip release.tar.gz
tar -xf release.tar
rm release.tar

More information:

G. Vote

Vote on the packages on the staging server at the develops list
If vote passes, vote on the packages on the staging server at the incubator list

H. Releasing

after successful voting, archive older releases, if any.
copy the staged artifacts to the download server. The key file must be available there too.

Locations (according to: http://incubator.apache.org/guides/releasemanagement.html )

Send announcement to user, dev and incubator list and to the blog. Party on!

Verify releases

Signatures

Use another user to verify the signatures. (The user must have your code-signing public key loaded into their key ring.) Here's an example using GnuPG:

% gpg --verify log4php-2.0.0-incubating.tar.gz.asc log4php-2.0.0-incubating.tar.gz gpg: Signature made 03/01/03 19:34:31 GMT using DSA key ID B1313DE2 gpg: Good signature from "Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>"

Check Sums

Verify md5 check sums. If you can, use another application to double check the sums. Here verifications are performed using openssl.

% openssl md5 < log4php-2.0.0-incubating.tar.gz a76169177e7a9b58118bcd993aff4a5e % cat log4php-2.0.0-incubating.tar.gz.md5 a76169177e7a9b58118bcd993aff4a5e

Checklist for binaries

the release archive MUST contain an Incubation disclaimer (as described in the previous section), clearly visible in the main documentation or README file.

Log4PHP/Log4PHPReleasePlan (last edited 2009-11-23 05:36:05 by ChristianGrobmeier)