Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 14 changed files with 135 additions and 72 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6638,19 +6638,25 @@ | |
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 导入后可以看到如下输出, 这代表导入了 3 个用户公钥</span> | ||
</span></span><span style=display:flex><span>gpg: /home/ubuntu/.gnupg/trustdb.gpg: trustdb created | ||
</span></span><span style=display:flex><span>gpg: key B78B058CC255F6DC: public key <span style=color:#4e9a06>"Imba Jin (apache mail) <[email protected]>"</span> imported | ||
</span></span><span style=display:flex><span>gpg: key BA7E78F8A81A885E: public key <span style=color:#4e9a06>"imbajin (apache mail) <[email protected]>"</span> imported | ||
</span></span><span style=display:flex><span>gpg: key 818108E7924549CC: public key <span style=color:#4e9a06>"vaughn <[email protected]>"</span> imported | ||
</span></span><span style=display:flex><span>gpg: key 28DCAED849C4180E: public key <span style=color:#4e9a06>"coderzc (CODE SIGNING KEY) <[email protected]>"</span> imported | ||
</span></span><span style=display:flex><span>gpg: Total number processed: <span style=color:#0000cf;font-weight:700>3</span> | ||
</span></span><span style=display:flex><span>gpg: imported: <span style=color:#0000cf;font-weight:700>3</span> | ||
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 2. 信任发版用户 (这里需要信任 3 个, 对 Imba Jin, vaughn, coderzc 依次执行相同操作)</span> | ||
</span></span><span style=display:flex><span>gpg --edit-key Imba Jin <span style=color:#8f5902;font-style:italic># 以第一个为例, 进入交互模式</span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 2. 信任发版用户 (你需要信任 n 个邮件里提到的 gpg 用户名, >1则依次执行相同操作)</span> | ||
</span></span><span style=display:flex><span>gpg --edit-key <span style=color:#000>$USER</span> <span style=color:#8f5902;font-style:italic># 这里填写具体用户名或者公钥串, 回车进入交互模式</span> | ||
</span></span><span style=display:flex><span>gpg> trust | ||
</span></span><span style=display:flex><span>...输出选项.. | ||
</span></span><span style=display:flex><span>Your decision? <span style=color:#0000cf;font-weight:700>5</span> <span style=color:#8f5902;font-style:italic>#选择5</span> | ||
</span></span><span style=display:flex><span>Do you really want to <span style=color:#204a87>set</span> this key to ultimate trust? <span style=color:#ce5c00;font-weight:700>(</span>y/N<span style=color:#ce5c00;font-weight:700>)</span> y <span style=color:#8f5902;font-style:italic>#选择y, 然后 q 退出信任下一个用户</span> | ||
</span></span><span style=display:flex><span>Your decision? <span style=color:#0000cf;font-weight:700>5</span> <span style=color:#8f5902;font-style:italic># 选择5</span> | ||
</span></span><span style=display:flex><span>Do you really want to <span style=color:#204a87>set</span> this key to ultimate trust? <span style=color:#ce5c00;font-weight:700>(</span>y/N<span style=color:#ce5c00;font-weight:700>)</span> y <span style=color:#8f5902;font-style:italic># 选择y, 然后 q 退出信任下一个用户</span> | ||
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># (可选) 你也可以直接使用非交互模式的如下命令:</span> | ||
</span></span><span style=display:flex><span><span style=color:#204a87>echo</span> -e <span style=color:#4e9a06>"5\ny\n"</span> <span style=color:#000;font-weight:700>|</span> gpg --batch --command-fd <span style=color:#0000cf;font-weight:700>0</span> --edit-key <span style=color:#000>$USER</span> trust | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 或者是信任所有当前导入过的 gpg 公钥 (请小心检查)</span> | ||
</span></span><span style=display:flex><span><span style=color:#204a87;font-weight:700>for</span> key in <span style=color:#204a87;font-weight:700>$(</span>gpg --no-tty --list-keys --with-colons <span style=color:#000;font-weight:700>|</span> awk -F: <span style=color:#4e9a06>'/^pub/ {print $5}'</span><span style=color:#204a87;font-weight:700>)</span><span style=color:#000;font-weight:700>;</span> <span style=color:#204a87;font-weight:700>do</span> | ||
</span></span><span style=display:flex><span> <span style=color:#204a87>echo</span> -e <span style=color:#4e9a06>"5\ny\n"</span> <span style=color:#000;font-weight:700>|</span> gpg --batch --command-fd <span style=color:#0000cf;font-weight:700>0</span> --edit-key <span style=color:#4e9a06>"</span><span style=color:#000>$key</span><span style=color:#4e9a06>"</span> trust | ||
</span></span><span style=display:flex><span><span style=color:#204a87;font-weight:700>done</span> | ||
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 3. 检查签名(确保没有 Warning 输出, 每一个 source/binary 文件都提示 Good Signature)</span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic>#单个文件验证</span> | ||
|
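Review bot: The new "trust every imported key" loop (`for key in $(gpg --no-tty --list-keys --with-colons | awk -F: '/^pub/ {print $5}')`) answers `5` and `y` for every public key in the verifier's keyring, so it assigns ultimate trust to keys that have nothing to do with this release, and any of them would afterwards yield a warning-free "Good signature" in step 3. The "请小心检查" (check carefully) comment is the only guard. Suggest restricting the loop to an explicit list of the signer key IDs named in the vote mail, and telling the reader to compare each key's fingerprint with the one the release manager published before assigning trust.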
@@ -6659,7 +6665,7 @@ | |
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 一行脚本快速验证所有包 (推荐使用,请确保所有 gpg 公钥已经信任)</span> | ||
</span></span><span style=display:flex><span><span style=color:#204a87;font-weight:700>for</span> i in *.tar.gz<span style=color:#000;font-weight:700>;</span> <span style=color:#204a87;font-weight:700>do</span> <span style=color:#204a87>echo</span> <span style=color:#000>$i</span><span style=color:#000;font-weight:700>;</span> gpg --verify <span style=color:#000>$i</span>.asc <span style=color:#000>$i</span> <span style=color:#000;font-weight:700>;</span> <span style=color:#204a87;font-weight:700>done</span> | ||
</span></span></code></pre></div><p>先确认了整体的"完整性 + 一致性", 然后接下来确认具体的内容 (<strong>关键</strong>)</p><h4 id=4-检查压缩包内容>4. 检查压缩包内容</h4><p>这里分源码包 + 二进制包两个方面, 源码包更为严格, 挑核心的部分说 (完整的列表可参考官方 <a href=https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist>Wiki</a>, 比较长)</p><p>首先我们需要从 apache 官方的 <code>release-candidate</code> 地址下载包到本地 (地址: <a href=https://dist.apache.org/repos/dist/dev/incubator/hugegraph/>点击跳转</a>)</p><h5 id=a-源码包>A. 源码包</h5><p>解压 <code>*hugegraph*src.tar.gz</code>后, 进行如下检查:</p><ol><li>文件夹都带有 <code>incubating</code>, 且不存在<strong>空的</strong>文件/文件夹</li><li>存在 <code>LICENSE</code> + <code>NOTICE</code> + 存在 <code>DISCLAIMER</code> 文件并且内容正常</li><li><strong>不存在</strong> 缺乏 License 的二进制文件</li><li>源码文件都包含标准 <code>ASF License</code> 头 (这个用插件跑一下为主)</li><li>检查每个父 / 子模块的 <code>pom.xml</code> 版本号是否一致 (且符合期望)</li><li>检查前 3 ~ 5 个 commit 提交,点进去看看是否修改处和源码文件一致</li><li>最后,确保源码可以正常 / 正确编译 (然后看看测试和规范)</li></ol><div class=highlight><pre tabindex=0 style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 请优先使用/切换到 java 11 版本进行后序的编译和运行操作</span> | ||
</span></span></code></pre></div><p>先确认了整体的"完整性 + 一致性", 然后接下来确认具体的内容 (<strong>关键</strong>)</p><h4 id=4-检查压缩包内容>4. 检查压缩包内容</h4><p>这里分源码包 + 二进制包两个方面, 源码包更为严格, 挑核心的部分说 (完整的列表可参考官方 <a href=https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist>Wiki</a>, 比较长)</p><p>首先我们需要从 apache 官方的 <code>release-candidate</code> 地址下载包到本地 (地址: <a href=https://dist.apache.org/repos/dist/dev/incubator/hugegraph/>点击跳转</a>)</p><h5 id=a-源码包>A. 源码包</h5><p>解压 <code>*hugegraph*src.tar.gz</code>后, 进行如下检查:</p><ol><li>文件夹都带有 <code>incubating</code>, 且不存在<strong>空的</strong>文件/文件夹</li><li>存在 <code>LICENSE</code> + <code>NOTICE</code> + 存在 <code>DISCLAIMER</code> 文件并且内容正常</li><li><strong>不存在</strong> 缺乏 License 的二进制文件</li><li>源码文件都包含标准 <code>ASF License</code> 头 (这个用插件跑一下为主)</li><li>检查每个父 / 子模块的 <code>pom.xml</code> 版本号是否一致 (且符合期望)</li><li>最后,确保源码可以正常 / 正确编译 (然后看看测试和规范)</li></ol><p>PMC 同学请特别注意认真检查 <code>LICENSE</code> + <code>NOTICE</code> 文件, 确保文件严格遵循了 ASF 的发版要求, 大部分的发版问题都与之相关</p><div class=highlight><pre tabindex=0 style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 请优先使用/切换到 java 11 版本进行后序的编译和运行操作</span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># java --version</span> | ||
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 尝试在 Unix 环境下编译测试是否正常</span> | ||
|
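Review bot: In the source-package checklist, the item "检查前 3 ~ 5 个 commit 提交,点进去看看是否修改处和源码文件一致" (check the latest 3 to 5 commits against the source files) is dropped and the list goes from seven items to six, which leaves no step that ties the tarball contents back to the repository history. If the removal is intentional, state the reason in the commit message, or replace the item with a more precise check such as comparing the unpacked source with the release tag. The added PMC paragraph about `LICENSE` + `NOTICE` reads fine.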
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -74,19 +74,25 @@ | |
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 导入后可以看到如下输出, 这代表导入了 3 个用户公钥</span> | ||
</span></span><span style=display:flex><span>gpg: /home/ubuntu/.gnupg/trustdb.gpg: trustdb created | ||
</span></span><span style=display:flex><span>gpg: key B78B058CC255F6DC: public key <span style=color:#4e9a06>"Imba Jin (apache mail) <[email protected]>"</span> imported | ||
</span></span><span style=display:flex><span>gpg: key BA7E78F8A81A885E: public key <span style=color:#4e9a06>"imbajin (apache mail) <[email protected]>"</span> imported | ||
</span></span><span style=display:flex><span>gpg: key 818108E7924549CC: public key <span style=color:#4e9a06>"vaughn <[email protected]>"</span> imported | ||
</span></span><span style=display:flex><span>gpg: key 28DCAED849C4180E: public key <span style=color:#4e9a06>"coderzc (CODE SIGNING KEY) <[email protected]>"</span> imported | ||
</span></span><span style=display:flex><span>gpg: Total number processed: <span style=color:#0000cf;font-weight:700>3</span> | ||
</span></span><span style=display:flex><span>gpg: imported: <span style=color:#0000cf;font-weight:700>3</span> | ||
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 2. 信任发版用户 (这里需要信任 3 个, 对 Imba Jin, vaughn, coderzc 依次执行相同操作)</span> | ||
</span></span><span style=display:flex><span>gpg --edit-key Imba Jin <span style=color:#8f5902;font-style:italic># 以第一个为例, 进入交互模式</span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 2. 信任发版用户 (你需要信任 n 个邮件里提到的 gpg 用户名, >1则依次执行相同操作)</span> | ||
</span></span><span style=display:flex><span>gpg --edit-key <span style=color:#000>$USER</span> <span style=color:#8f5902;font-style:italic># 这里填写具体用户名或者公钥串, 回车进入交互模式</span> | ||
</span></span><span style=display:flex><span>gpg> trust | ||
</span></span><span style=display:flex><span>...输出选项.. | ||
</span></span><span style=display:flex><span>Your decision? <span style=color:#0000cf;font-weight:700>5</span> <span style=color:#8f5902;font-style:italic>#选择5</span> | ||
</span></span><span style=display:flex><span>Do you really want to <span style=color:#204a87>set</span> this key to ultimate trust? <span style=color:#ce5c00;font-weight:700>(</span>y/N<span style=color:#ce5c00;font-weight:700>)</span> y <span style=color:#8f5902;font-style:italic>#选择y, 然后 q 退出信任下一个用户</span> | ||
</span></span><span style=display:flex><span>Your decision? <span style=color:#0000cf;font-weight:700>5</span> <span style=color:#8f5902;font-style:italic># 选择5</span> | ||
</span></span><span style=display:flex><span>Do you really want to <span style=color:#204a87>set</span> this key to ultimate trust? <span style=color:#ce5c00;font-weight:700>(</span>y/N<span style=color:#ce5c00;font-weight:700>)</span> y <span style=color:#8f5902;font-style:italic># 选择y, 然后 q 退出信任下一个用户</span> | ||
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># (可选) 你也可以直接使用非交互模式的如下命令:</span> | ||
</span></span><span style=display:flex><span><span style=color:#204a87>echo</span> -e <span style=color:#4e9a06>"5\ny\n"</span> <span style=color:#000;font-weight:700>|</span> gpg --batch --command-fd <span style=color:#0000cf;font-weight:700>0</span> --edit-key <span style=color:#000>$USER</span> trust | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 或者是信任所有当前导入过的 gpg 公钥 (请小心检查)</span> | ||
</span></span><span style=display:flex><span><span style=color:#204a87;font-weight:700>for</span> key in <span style=color:#204a87;font-weight:700>$(</span>gpg --no-tty --list-keys --with-colons <span style=color:#000;font-weight:700>|</span> awk -F: <span style=color:#4e9a06>'/^pub/ {print $5}'</span><span style=color:#204a87;font-weight:700>)</span><span style=color:#000;font-weight:700>;</span> <span style=color:#204a87;font-weight:700>do</span> | ||
</span></span><span style=display:flex><span> <span style=color:#204a87>echo</span> -e <span style=color:#4e9a06>"5\ny\n"</span> <span style=color:#000;font-weight:700>|</span> gpg --batch --command-fd <span style=color:#0000cf;font-weight:700>0</span> --edit-key <span style=color:#4e9a06>"</span><span style=color:#000>$key</span><span style=color:#4e9a06>"</span> trust | ||
</span></span><span style=display:flex><span><span style=color:#204a87;font-weight:700>done</span> | ||
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 3. 检查签名(确保没有 Warning 输出, 每一个 source/binary 文件都提示 Good Signature)</span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic>#单个文件验证</span> | ||
|
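Review bot: `gpg --edit-key $USER` and the non-interactive `--edit-key $USER trust` use `$USER` as the placeholder, but a login shell normally already sets `$USER` to the local account name, so a reader who pastes the command unchanged passes their own login to gpg instead of a release signer. Suggest a placeholder that cannot collide with a standard variable, and quoting it as the loop already does with `"$key"`, for example `--edit-key "$SIGNER_KEY"` or a literal `<key-id>`.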
@@ -95,7 +101,7 @@ | |
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 一行脚本快速验证所有包 (推荐使用,请确保所有 gpg 公钥已经信任)</span> | ||
</span></span><span style=display:flex><span><span style=color:#204a87;font-weight:700>for</span> i in *.tar.gz<span style=color:#000;font-weight:700>;</span> <span style=color:#204a87;font-weight:700>do</span> <span style=color:#204a87>echo</span> <span style=color:#000>$i</span><span style=color:#000;font-weight:700>;</span> gpg --verify <span style=color:#000>$i</span>.asc <span style=color:#000>$i</span> <span style=color:#000;font-weight:700>;</span> <span style=color:#204a87;font-weight:700>done</span> | ||
</span></span></code></pre></div><p>先确认了整体的"完整性 + 一致性", 然后接下来确认具体的内容 (<strong>关键</strong>)</p><h4 id=4-检查压缩包内容>4. 检查压缩包内容</h4><p>这里分源码包 + 二进制包两个方面, 源码包更为严格, 挑核心的部分说 (完整的列表可参考官方 <a href=https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist>Wiki</a>, 比较长)</p><p>首先我们需要从 apache 官方的 <code>release-candidate</code> 地址下载包到本地 (地址: <a href=https://dist.apache.org/repos/dist/dev/incubator/hugegraph/>点击跳转</a>)</p><h5 id=a-源码包>A. 源码包</h5><p>解压 <code>*hugegraph*src.tar.gz</code>后, 进行如下检查:</p><ol><li>文件夹都带有 <code>incubating</code>, 且不存在<strong>空的</strong>文件/文件夹</li><li>存在 <code>LICENSE</code> + <code>NOTICE</code> + 存在 <code>DISCLAIMER</code> 文件并且内容正常</li><li><strong>不存在</strong> 缺乏 License 的二进制文件</li><li>源码文件都包含标准 <code>ASF License</code> 头 (这个用插件跑一下为主)</li><li>检查每个父 / 子模块的 <code>pom.xml</code> 版本号是否一致 (且符合期望)</li><li>检查前 3 ~ 5 个 commit 提交,点进去看看是否修改处和源码文件一致</li><li>最后,确保源码可以正常 / 正确编译 (然后看看测试和规范)</li></ol><div class=highlight><pre tabindex=0 style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 请优先使用/切换到 java 11 版本进行后序的编译和运行操作</span> | ||
</span></span></code></pre></div><p>先确认了整体的"完整性 + 一致性", 然后接下来确认具体的内容 (<strong>关键</strong>)</p><h4 id=4-检查压缩包内容>4. 检查压缩包内容</h4><p>这里分源码包 + 二进制包两个方面, 源码包更为严格, 挑核心的部分说 (完整的列表可参考官方 <a href=https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist>Wiki</a>, 比较长)</p><p>首先我们需要从 apache 官方的 <code>release-candidate</code> 地址下载包到本地 (地址: <a href=https://dist.apache.org/repos/dist/dev/incubator/hugegraph/>点击跳转</a>)</p><h5 id=a-源码包>A. 源码包</h5><p>解压 <code>*hugegraph*src.tar.gz</code>后, 进行如下检查:</p><ol><li>文件夹都带有 <code>incubating</code>, 且不存在<strong>空的</strong>文件/文件夹</li><li>存在 <code>LICENSE</code> + <code>NOTICE</code> + 存在 <code>DISCLAIMER</code> 文件并且内容正常</li><li><strong>不存在</strong> 缺乏 License 的二进制文件</li><li>源码文件都包含标准 <code>ASF License</code> 头 (这个用插件跑一下为主)</li><li>检查每个父 / 子模块的 <code>pom.xml</code> 版本号是否一致 (且符合期望)</li><li>最后,确保源码可以正常 / 正确编译 (然后看看测试和规范)</li></ol><p>PMC 同学请特别注意认真检查 <code>LICENSE</code> + <code>NOTICE</code> 文件, 确保文件严格遵循了 ASF 的发版要求, 大部分的发版问题都与之相关</p><div class=highlight><pre tabindex=0 style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 请优先使用/切换到 java 11 版本进行后序的编译和运行操作</span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># java --version</span> | ||
</span></span><span style=display:flex><span> | ||
</span></span><span style=display:flex><span><span style=color:#8f5902;font-style:italic># 尝试在 Unix 环境下编译测试是否正常</span> | ||
|
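Review bot: The comment "请优先使用/切换到 java 11 版本进行后序的编译和运行操作" on the changed line has the typo 后序, which should be 后续; the line is being touched anyway, so fix it here. Separately, the recommended one-liner in the context above, `gpg --verify $i.asc $i`, leaves `$i` unquoted and relies on the reader spotting a bad result in the output; quoting the variable and stopping on a non-zero exit status from `gpg --verify` would make the check harder to get wrong.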