How to Build a Release of OpenMeetings
Required tools
To build a binary release of OpenMeetings you need:
- Sun JDK8
- Apache Maven 3.3.9
- SVN Command line client (Subversion 1.7 required!) http://subversion.apache.org/packages.html
- A text editor
- You need to be online! The build process actively downloads needed libraries and dependencies.
- Valid certficate to be able to enter https://securesigning.websecurity.symantec.com/csportal/ Please ask INFRA in case you need one.
Prepare your Apache ID
- Every release package must be signed with a PGP/GPG key.
So if you want to release a package your Apache Id must be connected with a PGP key!
You might follow:
http://www.apache.org/dev/new-committers-guide.html#security-and-pgp
In short:- Create PGP key pairs (private + public) (and I recommend creating a Revoke Cert)
- Upload the public key (either bei using the PGP Tool that you use to create the key) or by using the web form to: http://pgp.mit.edu/
- Add the fingerprint string (something like "BF13 CF11 F9C9 0CBE 4413 09AB 0055 16BF 93A3 0395") to your profile at https://id.apache.org/
- Wait for 6-8 hours, the server will search for a public key based on your fingerprint, if success it will create a file with your name at:
https://people.apache.org/keys/committer/ - If that is "success" then add your key to:
https://svn.apache.org/repos/asf/openmeetings/project/KEYS
and follow the instructions in the file.
- Maven
- Ensure you able to login to https://repository.apache.org
- Set up development environment as described here: Setup development environment
Don't forget to secure passwords as described here: Password Encryption
Step1 - Prepare files
- Check that all files:
LICENSE, NOTICE, DISCLAIMER, CHANGELOG, README
are up to date and refer to the right version. - Update following files in OM documentation:
openmeetings-server/src/site/xdoc/index.xml
openmeetings-server/src/site/xdoc/NewsArchive.xml
openmeetings-server/src/site/xdoc/downloads.xml
- Create a TAG of the SVN tree that you would like to release
Example:svn copy -r1453158 https://svn.apache.org/repos/asf/openmeetings/application/trunk \ https://svn.apache.org/repos/asf/openmeetings/application/tags/3.1.0RC1 \ -m "3.1.0 Release candidate 1"
-
Get the source from your TAG:
svn checkout https://svn.apache.org/repos/asf/openmeetings/application/tags/$BRANCHORTAG/
$BRANCHORTAG should be replaced with your new TAG
-
Update versions of all modules
mvn versions:set -DgenerateBackupPoms=false -DnewVersion=3.1.0
- Deploy release artifacts to Maven
-
mvn clean mvn deploy -Pdeploy,rc
-
-
Run the command:
mvn clean install -P allModules,rc
-
Test building the source on windows and OSx or Linux
Test running the binary's
-
Commit artifacts you have created with KEYS file to the https://dist.apache.org/repos/dist/dev/openmeetings/ Proposed file structure for "Release Candidate 1" of 3.1.0 will be:
3.1.0 3.1.0/rc1 3.1.0/rc1/src 3.1.0/rc1/src/apache-openmeetings-3.1.0-src.zip 3.1.0/rc1/src/apache-openmeetings-3.1.0-src.tar.gz 3.1.0/rc1/src/apache-openmeetings-3.1.0-src.zip.sha 3.1.0/rc1/src/apache-openmeetings-3.1.0-src.zip.asc 3.1.0/rc1/src/apache-openmeetings-3.1.0-src.tar.gz.sha 3.1.0/rc1/src/apache-openmeetings-3.1.0-src.tar.gz.asc 3.1.0/rc1/bin 3.1.0/rc1/bin/apache-openmeetings-3.1.0.zip 3.1.0/rc1/bin/apache-openmeetings-3.1.0.tar.gz 3.1.0/rc1/bin/apache-openmeetings-3.1.0.zip.sha 3.1.0/rc1/bin/apache-openmeetings-3.1.0.zip.asc 3.1.0/rc1/bin/apache-openmeetings-3.1.0.tar.gz.sha 3.1.0/rc1/bin/apache-openmeetings-3.1.0.tar.gz.asc 3.1.0/rc1/CHANGELOG 3.1.0/rc1/KEYS
Step2 - VOTE and RESULT emails
Send a "VOTE" to the developer mailing list including links to release artifacts.
A VOTE always contains two parts:
Send an email to the developer mailing list with the subject line:
[VOTE] Apache OpenMeetings x.xx release
An example for such an email: example Vote email example Vote email (Incubator)
Forward (Not CC) this Vote email to: private@openmeetings.apache.org
After the vote is over, send a "RESULT" email to the list with the subject line:
[RESULT][VOTE] Apache OpenMeetings x.xx release
An example for such an email: example Result email
Forward (Not CC) this RESULT VOTE email to: private@openmeetings.apache.org
Votes on whether a package is ready to be released use majority approval -- i.e., at least three PMC members must vote affirmatively for release, and there must be more positive than negative votes. Releases may not be vetoed. Before voting +1 PMC members are required to download the signed source code package, compile it as provided, and test the resulting executable on their own platform, along with also verifying that the package meets the requirements of the ASF policy on releases.
Step3 - Sign web start application
If VOTEs positive: Sign screen sharing web application and re-pack the release
- Go to the folder you check out: https://svn.apache.org/repos/asf/openmeetings/application/tags/$BRANCHORTAG/
-
Run the command:
cd openmeetings-screenshare mvn clean install -Prc,release
- Go to https://securesigning.websecurity.symantec.com/csportal/
- Select "Signing Sets"
- Select "Add signing set"
- Enter "Signing set name" (must include "Apache OpenMeetings" and version) for ex. "Apache OpenMeetings 3.1.0-RELEASE"
- Enter "Version" for ex. "3.1.0-RELEASE"
- Select "Java Signing Sha256" as "Signing service"
- Select "Upload files" and add all jar files from target/jnlp
- Select "Sign now"
- Select "Type of signing" -> "Production"
- Select "Sign"
- Select "Download set"
- Open binary artifacts of OM created on previous step (both tar.gz and zip)
- Replace jar files inside artifacts webapps/openmeetings/screenshare with the signed ones
- Re-create artifact signatures
Create sha256sum checksums
#On OSX you might use this command to make a SHA checksum and store it to a file shasum -a 256 -r apache-openmeetings-XXX-src.zip >apache-openmeetings-XXX-src.zip.sha256
#To create SHA hashes On Ubuntu: for f in `ls -1 *.tar.gz *.zip`; do sha256sum $f > $f.sha256; done #To check SHA hashes On Ubuntu: for f in `ls -1 *.tar.gz *.zip`; do sha256sum -c $f.sha256; done
Create signatures with the your KEY for every file, the KEY must be available at:
https://svn.apache.org/repos/asf/openmeetings/project/KEYS#To create signatures On Ubuntu: for f in `ls -1 *.tar.gz *.zip`; do gpg --armor --output $f.asc --detach-sig $f; done #To check signatures On Ubuntu: for f in `ls -1 *.tar.gz *.zip`; do gpg --verify $f.asc; done
NOTE: "Type of signing" can be selected as "Test" to check everything works as expected
Step4 - Distribute and announce
If VOTEs positive: Upload the release
- Upload Artifacts with signatures created on the previous steps to https://dist.apache.org/repos/dist/release/openmeetings/CURRENT_VERSION
- Close staging repo:
- Go to: Staging Repositories
- Select openmeetings staging repo and Close it with valid message:
for ex. "The VOTE about 3.1.2 release was successful" - Select openmeetings staging repo and Release it with valid message:
for ex. "The VOTE about 3.1.2 release was successful"
- Wait 24 hours (until all Apache mirrors have synced the packages) and send an announcement to the mailing list + blog and any other channel.
- Email announcements should have the subject line:
[ANNOUNCE] Apache OpenMeetings x.xx released - Update release section of DOAP file site/trunk/doap.rdf (https://svn.apache.org/repos/asf/openmeetings/site/trunk/doap.rdf)
- Add a section to downloads website.
Make sure that the binary packages are linked using the mirror URL as base path ( not http://www.apache.org/dist):
Mirror URL: http://www.apache.org/dyn/closer.lua/openmeetings/ - Release candidates should be deleted from https://dist.apache.org/repos/dist/dev/openmeetings/
Old releases should be deleted from https://dist.apache.org/repos/dist/release/openmeetings/