如何进行版本发布
本教程详细描述了如何发布Apache StreamPark,并以2.1.0版本的发布为例。
1. 环境要求
此发布过程在Ubuntu OS中进行操作,并需要以下环境:
- JDK 1.8+
- Apache Maven 3.x (此处使用 3.8.7)
- GnuPG 2.x
- Git
- SVN (Apache使用svn来托管项目发布)
注意需要设置环境变量
export GPG_TTY=$(tty)
2. 准备发布
首先整理帐户信息以更好地了解操作过程,稍后会多次使用。
- apache id:
muchunjin (APACHE LDAP 用户名)
- apache passphrase:
APACHE LDAP 密钥
- apache email:
muchunjin@apache.org
- gpg real name:
muchunjin (任何名称均可用, 在这里我将其设置为与apache id相同的名称)
- gpg key passphrase:
创建gpg密钥时设置的密码,你需要记住此密码
2.1 生成密钥
$ gpg --full-gen-key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection? 1 # Please enter 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096 # Please enter 4096 here
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0 # Please enter 0
Key does not expire at all
Is this correct? (y/N) y # Please enter y here
GnuPG needs to construct a user ID to identify your key.
Real name: muchunjin # Please enter 'gpg real name'
Email address: muchunjin@apache.org # Please enter your apache email address here
Comment: for apache StreamPark release create at 20230501 # Please enter some comments here
You selected this USER-ID:
"muchunjin (for apache StreamPark release create at 20230501) <muchunjin@apache.org>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O # Please enter O here
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
# At this time, a dialog box will pop up, asking you to enter the key for this gpg.
# you need to remember that it will be used in subsequent steps.
┌─────────────────────────────────────────────────────┐
│ Please enter this passphrase to │
│ protect your new key │
│ │
│ Passphrase: _______________________________________ │
│ │
│ <OK> <Cancel> │
└─────────────────────────────────────────────────────┘
# Here you need to re-enter the password in the previous step.
┌─────────────────────────────────────────────────────┐
│ Please re-enter this passphrase │
│ │
│ Passphrase: _______________________________________ │
│ │
│ <OK> <Cancel> │
└─────────────────────────────────────────────────────┘
gpg: key ACFB69E705016886 marked as ultimately trusted
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/DC12398CCC33A5349EB9663DF9D970AB18C9EDF6.rev'
public and secret key created and signed.
pub rsa4096 2023-05-01 [SC]
85778A4CE4DD04B7E07813ABACFB69E705016886
uid muchunjin (for apache StreamPark release create at 20230501) <muchunjin@apache.org>
sub rsa4096 2023-05-01 [E]
密钥可以通过gpg --list-signatures
命令查看
2.2 将生成的密钥上传到公共服务器
$ gpg --keyid-format SHORT --list-keys
/root/.gnupg/pubring.kbx
------------------------
pub rsa4096/05016886 2023-05-01 [SC]
85778A4CE4DD04B7E07813ABACFB69E705016886
uid [ultimate] muchunjin (for apache StreamPark release create at 20230501) <muchunjin@apache.org>
sub rsa4096/0C5A4E1C 2023-05-01 [E]
# Send public key to keyserver via key id
$ gpg --keyserver keyserver.ubuntu.com --send-key 584EE68E
# Among them, keyserver.ubuntu.com is the selected keyserver, it is recommended to use this, because the Apache Nexus verification uses this keyserver
配置 gnupg 使用标准 DNS 解析:
# resolves common "gpg: keyserver receive failed: Network is unreachable" and
# "gpg: keyserver receive failed: No keyserver available" errors
echo "standard-resolver" > ~/.gnupg/dirmngr.conf
sudo pkill dirmngr
2.3 检查密钥是否创建成功
验证是否已经同步到公共网络,需要一分钟左右才能知道答案,如果不成功,您可以多次上传并重试。
$ gpg --keyserver keyserver.ubuntu.com --recv-keys 05016886 # If the following content appears, it means success
gpg: key ACFB69E705016886: "muchunjin (for apache StreamPark release create at 20230501) <muchunjin@apache.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
或者进入 https://keyserver.ubuntu.com/ 网址,输入密钥的名称,然后点击'Search key'
如果查询结果如下,表示密钥创建成功。
2.4 将 gpg 公钥添加到 Apache SVN 项目仓库的 KEYS 文件中
- Apache StreamPark Dev分支 https://dist.apache.org/repos/dist/dev/incubator/streampark
- Apache StreamPark Release分支 https://dist.apache.org/repos/dist/release/incubator/streampark/
2.4.1 将公钥添加到dev分支的KEYS
$ mkdir -p streampark_svn/dev
$ cd streampark_svn/dev
$ svn co https://dist.apache.org/repos/dist/dev/incubator/streampark
$ cd streampark_svn/dev/streampark
# 将生成的KEY追加到KEYS文件中,检查是否添加正确
$ (gpg --list-sigs muchunjin@apache.org && gpg --export --armor muchunjin@apache.org) >> KEYS
$ svn ci -m "add gpg key for muchunjin"
2.4.2 将公钥添加到release分支的KEYS
$ mkdir -p streampark_svn/release
$ cd streampark_svn/release
$ svn co https://dist.apache.org/repos/dist/release/incubator/streampark/
$ cd streampark_svn/release/streampark
# 将生成的KEY追加到KEYS文件中,检查是否添加正确
$ (gpg --list-sigs muchunjin@apache.org && gpg --export --armor muchunjin@apache.org) >> KEYS
$ svn ci -m "add gpg key for muchunjin"
2.5 配置 apache maven 路径和用户密码设置
- 生成主密码
$ mvn --encrypt-master-password <apache password>
{EM+4/TYVDXYHRbkwjjAS3mE1RhRJXJUSG8aIO5RSxuHU26rKCjuS2vG+/wMjz9te}
- 创建文件
${user.home}/.m2/settings-security.xml
并配置上一步创建的密码
<settingsSecurity>
<master>{EM+4/TYVDXYHRbkwjjAS3mE1RhRJXJUSG8aIO5RSxuHU26rKCjuS2vG+/wMjz9te}</master>
</settingsSecurity>