diff --git a/dev/release/02-source-test.rb b/dev/release/02-source-test.rb index fe2c7b77591..a881a0d4ac8 100644 --- a/dev/release/02-source-test.rb +++ b/dev/release/02-source-test.rb @@ -15,6 +15,8 @@ # specific language governing permissions and limitations # under the License. +require 'digest' + class SourceTest < Test::Unit::TestCase include GitRunnable include VersionDetectable @@ -44,8 +46,13 @@ def source(*targets) env["SOURCE_#{target}"] = "1" end sh(env, @tarball_script, @release_version, "0") + Dir.mkdir("artifacts") unless Dir.exist?("artifacts") + sh("mv", @archive_name, "artifacts/") + File.open("artifacts/#{@archive_name}.sha512", "w") do |sha512| + sha512.puts(sh(env, "shasum", "-a", "512", "artifacts/#{@archive_name}")) + end output = sh(env, @script, @release_version, "0") - sh("tar", "xf", @archive_name) + sh("tar", "xf", "artifacts/#{@archive_name}") output end @@ -106,6 +113,7 @@ def test_vote verify_pr_url = (JSON.parse(response.read)[0] || {})["html_url"] end output = source("VOTE") + tarball_hash = Digest::SHA512.file("artifacts/#{@archive_name}").to_s assert_equal(<<-VOTE.strip, output[/^-+$(.+?)^-+$/m, 1].strip) To: dev@arrow.apache.org Subject: [VOTE] Release Apache Arrow #{@release_version} - RC0 @@ -124,9 +132,10 @@ def test_vote The changelog is located at [10]. Please download, verify checksums and signatures, run the unit tests, -and vote on the release. See [11] for how to validate a release candidate. +and vote on the release. See [11] for the SHA-512 checksum for this RC and [12] +for how to validate a release candidate. -See also a verification result on GitHub pull request [12]. +See also a verification result on GitHub pull request [13]. The vote will be open for at least 72 hours. @@ -144,8 +153,9 @@ def test_vote [8]: https://packages.apache.org/artifactory/arrow/ubuntu-rc/ [9]: https://github.com/apache/arrow/releases/tag/apache-arrow-#{@release_version}-rc0 [10]: https://github.com/apache/arrow/blob/#{@current_commit}/CHANGELOG.md -[11]: https://arrow.apache.org/docs/developers/release_verification.html -[12]: #{verify_pr_url || "null"} +[11]: #{tarball_hash} +[12]: https://arrow.apache.org/docs/developers/release_verification.html +[13]: #{verify_pr_url || "null"} VOTE end end diff --git a/dev/release/02-source.sh b/dev/release/02-source.sh index 5f813eb80bc..f942514cd12 100755 --- a/dev/release/02-source.sh +++ b/dev/release/02-source.sh @@ -130,6 +130,9 @@ if [ ${SOURCE_VOTE} -gt 0 ]; then curl_options+=(--data "head=apache:${rc_branch}") curl_options+=(https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls) verify_pr_url=$(curl "${curl_options[@]}" | jq -r ".[0].html_url") + # Read the checksum so we can include it in the vote thread email. + [[ -f "artifacts/${tarball}.sha512" ]] || { echo "Error: artifacts/${tarball}.sha512 must exist"; exit 1; } + tarball_hash=$(cat "artifacts/${tarball}.sha512" | awk '{print $1}') echo "The following draft email has been created to send to the" echo "dev@arrow.apache.org mailing list" @@ -153,9 +156,10 @@ The binary artifacts are hosted at [4][5][6][7][8][9]. The changelog is located at [10]. Please download, verify checksums and signatures, run the unit tests, -and vote on the release. See [11] for how to validate a release candidate. +and vote on the release. See [11] for the SHA-512 checksum for this RC and [12] +for how to validate a release candidate. -See also a verification result on GitHub pull request [12]. +See also a verification result on GitHub pull request [13]. The vote will be open for at least 72 hours. @@ -173,8 +177,9 @@ The vote will be open for at least 72 hours. [8]: https://packages.apache.org/artifactory/arrow/ubuntu-rc/ [9]: https://github.com/apache/arrow/releases/tag/apache-arrow-${version}-rc${rc} [10]: https://github.com/apache/arrow/blob/${release_hash}/CHANGELOG.md -[11]: https://arrow.apache.org/docs/developers/release_verification.html -[12]: ${verify_pr_url} +[11]: ${tarball_hash} +[12]: https://arrow.apache.org/docs/developers/release_verification.html +[13]: ${verify_pr_url} MAIL echo "---------------------------------------------------------" fi