GPG and Maven, JDK 7 is mandatory for verification
brew install gpg gpg-agent pinentry-mac
brew install maven
brew install md5sha1sum# Download GPG KEYS
wget https://dist.apache.org/repos/dist/dev/incubator/hivemall/KEYS
# import KEYS for GPG verification
gpg --import KEYSwget -e robots=off --no-check-certificate \
-r -np --reject=html,txt,tmp -nH --cut-dirs=5 \
https://dist.apache.org/repos/dist/dev/incubator/hivemall/0.5.0-incubating-rc1/
cd 0.5.0-incubating-rc1/for f in `ls *.sha1`; do
echo -n "Verifying ${f%.*} ... "
sha1sum ${f%.*} | cut -f1 -d' ' | diff -Bw - ${f}
if [ $? -eq 0 ]; then
echo 'Valid'
fi
done
echo
for f in `ls *.md5`; do
echo -n "Verifying ${f%.*} ... "
md5sum ${f%.*} | cut -f1 -d' ' | diff -Bw - ${f}
if [ $? -eq 0 ]; then
echo 'Valid'
fi
done
echo
for f in `find . -type f -iname '*.asc'`; do
gpg --verify ${f}
if [ $? -eq 0 ]; then
echo "GPG signature is correct: ${f%.*}"
else
echo "GPG signature is Invalid: ${f%.*}"
fi
echo
doneunzip hivemall-0.5.0-incubating-rc1-source-release.zip
cd hivemall-0.5.0-incubating-rc1
# workaround for Maven sign-release-artifacts plugin
export GPG_TTY=$(tty)
# JDK 7 is required for packaging
export JAVA_HOME=`/usr/libexec/java_home -v 1.7`
# Install xgboost jar to Maven local repository
mvn -Pcompile-xgboost validate
# Try to create artifacts
# RAT license check and unit tests will be issued
mvn -Papache-release clean install
# Verify Signatures of Release Artifacts
cd target/
for file in `find . -type f -iname '*.asc'`; do
gpg --verify ${file}
done