A guide for PMC members or other interested parties to help judge whether a specific set of Apache Lucy release artifacts deserves a +1 vote of approval.
Verify that every task listed on our ReleasePrep wiki page has been completed.
Signatures and sums
Verify that the Release Manager has properly published their PGP key, and that the PGP signature checks out:
$ # Obtain the KEYS file from the dist directory. $ curl -O http://www.apache.org/dist/lucy/KEYS $ # Add the keys and verify the signature. $ pgpk -a KEYS $ pgpk apache-lucy-X.Y.Z.tar.gz.asc $ # or... $ pgp -ka KEYS $ pgp apache-lucy-X.Y.Z.tar.gz.asc $ # or... $ gpg --import KEYS $ gpg --verify apache-lucy-X.Y.Z.tar.gz.asc
Confirm that the MD5 and SHA checksums are correct as well. If you have md5sum and/or shasum installed on your system, you can use them to perform automated verification:
$ md5sum -c apache-lucy-X.Y.Z.tar.gz.md5 $ shasum -c apache-lucy-X.Y.Z.tar.gz.sha
Otherwise, you can regenerate the sums yourself and eyeball them to confirm that they are the same:
$ # Should be identical sums, though the format may differ. $ cat apache-lucy-X.Y.Z.tar.gz.md5 $ gpg --print-md MD5 apache-lucy-X.Y.Z.tar.gz $ cat apache-lucy-X.Y.Z.tar.gz.sha $ gpg --print-md SHA512 apache-lucy-X.Y.Z.tar.gz
Building and testing
Decompress the Lucy archive and follow the instructions in INSTALL for building Lucy's Perl bindings, up to and including the "test" target. All tests must pass.
Perl 5.10.0 or later is recommended.
Our build scripts have targets for generating artifacts for certain major downstream distribution systems (e.g. CPAN). We must build, test, and inspect each set of downstream artifacts, ensure that all tests pass and that all crucial files are in place:
All downstream artifacts must be generated from a pristine, newly unpacked tarball.
Here's a recipe for building and testing the CPAN artifacts:
tar -zxf apache-lucy-X.Y.Z.tar.gz cd apache-lucy-X.Y.Z/ cd perl/ perl Build.PL ./Build dist tar -zxf Lucy-X.Y.Z.tar.gz cd Lucy-X.Y.Z/ perl Build.PL ./Build test