Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.17.0
-
None
Description
GPG Key
You need to have a GPG key to sign the release artifacts. Please be aware of the ASF-wide release signing guidelines. If you don’t have a GPG key associated with your Apache account, please create one according to the guidelines.
Determine your Apache GPG Key and Key ID, as follows:
$ gpg --list-keys
This will list your GPG keys. One of these should reflect your Apache account, for example:
-------------------------------------------------- pub 2048R/845E6689 2016-02-23 uid Nomen Nescio <anonymous@apache.org> sub 2048R/BA4D50BE 2016-02-23
In the example above, the key ID is the 8-digit hex string in the pub line: 845E6689.
Now, add your Apache GPG key to the Flink’s KEYS file in the Apache Flink release KEYS file repository at dist.apache.org. Follow the instructions listed at the top of these files. (Note: Only PMC members have write access to the release repository. If you end up getting 403 errors ask on the mailing list for assistance.)
Configure git to use this key when signing code by giving it your key ID, as follows:
$ git config --global user.signingkey 845E6689
You may drop the --global option if you’d prefer to use this key for the current repository only.
You may wish to start gpg-agent to unlock your GPG key only once using your passphrase. Otherwise, you may need to enter this passphrase hundreds of times. The setup for gpg-agent varies based on operating system, but may be something like this:
$ eval $(gpg-agent --daemon --no-grab --write-env-file $HOME/.gpg-agent-info)
$ export GPG_TTY=$(tty)
$ export GPG_AGENT_INFO
Access to Apache Nexus repository
Configure access to the Apache Nexus repository, which enables final deployment of releases to the Maven Central Repository.
- You log in with your Apache account.
- Confirm you have appropriate access by finding org.apache.flink under Staging Profiles.
- Navigate to your Profile (top right drop-down menu of the page).
- Choose User Token from the dropdown, then click Access User Token. Copy a snippet of the Maven XML configuration block.
- Insert this snippet twice into your global Maven settings.xml file, typically ${HOME}/.m2/settings.xml. The end result should look like this, where TOKEN_NAME and TOKEN_PASSWORD are your secret tokens:
<settings> <servers> <server> <id>apache.releases.https</id> <username>TOKEN_NAME</username> <password>TOKEN_PASSWORD</password> </server> <server> <id>apache.snapshots.https</id> <username>TOKEN_NAME</username> <password>TOKEN_PASSWORD</password> </server> </servers> </settings>
Website development setup
Get ready for updating the Flink website by following the website development instructions.
GNU Tar Setup for Mac (Skip this step if you are not using a Mac)
The default tar application on Mac does not support GNU archive format and defaults to Pax. This bloats the archive with unnecessary metadata that can result in additional files when decompressing (see 1.15.2-RC2 vote thread). Install gnu-tar and create a symbolic link to use in preference of the default tar program.
$ brew install gnu-tar $ ln -s /usr/local/bin/gtar /usr/local/bin/tar $ which tar
Expectations
- Release Manager’s GPG key is published to dist.apache.org
- Release Manager’s GPG key is configured in git configuration
- Release Manager's GPG key is configured as the default gpg key.
- Release Manager has org.apache.flink listed under Staging Profiles in Nexus
- Release Manager’s Nexus User Token is configured in settings.xml