Re: [VOTE] Release dtest-api 0.0.18

[Doug Rohrer]

Ok - let's try this again: Candidate SHA:  https://github.com/apache/cassandra-in-jvm-dtest-api/commit/775bfd5283ec77960713e3de2abeb4d068199ef7 Tagged 0.0.18 Artifacts: https://repository.apache.org/content/repositories/orgapachecassandra-1420/org/apache/cassandra/dtest-api/0.0.18 Key signature (this is my RSA key, in KEYS file): 9A648E3DEDA36EECCCC374C4277B602ED2C52277 See changes/info below. Attached is a script that will pull down all of the artifacts, verify the GPG signatures, and validate the md5/sha1 files match. NOTE: it'll create a `tmp` directory wherever you run it, so I'd recommend running it in an empty directory somewhere, or just use the text and run the commands manually wherever).

#!/bin/bash

# Parameters
# $1 staged|released
# $2 release
# $3 maven artefacts staging repo id (as specified in the repo url found in the 
vote email) (ignored for 'released')
#
# Example use: `./validate.sh staged 0.0.18 1419`  
#
# This script is very basic and experimental. I beg of you to help improve it.
#

###################
# prerequisites

# set -x

command -v wget >/dev/null 2>&1 || { echo >&2 "wget needs to be installed"; 
exit 1; }
command -v gpg >/dev/null 2>&1 || { echo >&2 "gpg needs to be installed"; exit 
1; }
command -v sha1sum >/dev/null 2>&1 || { echo >&2 "sha1sum needs to be 
installed"; exit 1; }

( [ "staged" = $1 ] || [ "released" = $1 ] ) || { echo >&2 "first argument must 
be staged or released"; exit 1; }
( [ $# -ge 2 ] ) || { echo >&2 "minimum two arguments must be provided"; exit 
1; }
if [ -z "$3" ] ; then
    [ "released" == $1 ] || { echo >&2 "third argument must not be specified 
when first is released"; exit 1; }
    
maven_repo_url="https://repository.apache.org/content/repositories/releases/org/apache/cassandra/dtest-api/$2";
else
    [ "staged" == $1 ] || { echo >&2 "third argument must be specified when 
first is staged"; exit 1; }
    
maven_repo_url="https://repository.apache.org/content/repositories/orgapachecassandra-$3/org/apache/cassandra/dtest-api/$2";
fi
(curl --output /dev/null --silent --head --fail "${maven_repo_url}") || { echo 
>&2 "Not found: ${maven_repo_url}"; exit 1; }

###################

mkdir -p ./tmp/$2
cd ./tmp/$2

# If you want to pull down the complete list of KEYS
# echo "Downloading KEYS"
# wget -q https://downloads.apache.org/cassandra/KEYS
gpg --import KEYS

echo "Downloading ${maven_repo_url}"
wget -Nqnd -e robots=off --recursive --no-parent ${maven_repo_url}

echo
echo "====== CHECK RESULTS ======"
echo

(compgen -G "*.asc" >/dev/null) || { echo >&2 "No *.asc files found in $(pwd)"; 
exit 1; }
for f in *.asc ; do gpg --verify $f ; done
(compgen -G "*.pom" >/dev/null) || { echo >&2 "No *.pom files found in $(pwd)"; 
exit 1; }
(compgen -G "*.jar" >/dev/null) || { echo >&2 "No *.jar files found in $(pwd)"; 
exit 1; }
for f in *.pom *.jar  ; do echo -n "sha1: " ; echo "$(cat $f.sha1) $f" | 
sha1sum -c - ; echo -n "md5: " ; echo "$(cat $f.md5) $f" | md5sum -c - ; done

echo "Done."

Script based very loosely on https://github.com/apache/cassandra-builds/pull/32/files - but since we're not building RPMs/Debian packages it's just to do the validation. New vote will be open for 72 hours. Everyone who has tested the build lis invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s. Thanks, Doug On Oct 9, 2025, at 5:52 PM, Doug Rohrer <droh...@apple.com> wrote: Hey folks, In an effort to document/automate validiting the release, I noticed that GPG picked a more recent key for me, which is an ECC key, not RSA, which it seems will break things if we have it in the KEYS file, so I'm going to close this proposed release/vote, re-release it with my RSA key, and re-call for the vote along with a handy script to pull down the artifacts and check the sha1/md5/gpg signatures you can run. Thanks, Doug On Oct 7, 2025, at 5:56 PM, Doug Rohrer <droh...@apple.com> wrote: Hey folks, I'd like to propose a new release of the dtest-api that includes some updates to make it easier for Cassandra maintainers to deal with some of the jmx support classes, and for external consumers of the dtest api to use the jmx client without having to jump through some somewhat ugly hoops. Repository: https://gitbox.apache.org/repos/asf?p=cassandra-in-jvm-dtest-api.git Candidate SHA: https://github.com/apache/cassandra-in-jvm-dtest-api/commit/421fe11b8fd862d82f89607c1ae2807657ba6578 Tagged with 0.0.18 Artifacts: https://repository.apache.org/content/repositories/orgapachecassandra-1419/org/apache/cassandra/dtest-api/0.0.18/ Key signature: 2C94EBA59C0BA7E0EDAAE142BF79EF32B05FB5CA Changes since last release: * CASSANDRA-20884 - Move JMX classes to the in-jvm-dtest API project I have patches available for 4.0, 4.1, 5.0, and trunk Cassandra branches to take advantage of these changes as well, which can be updated to use this release and committed once the vote passes. The vote will be open for 72 hours. Everyone who has tested the build lis invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s. See https://issues.apache.org/jira/browse/CASSANDRA-20884 for branches of Cassandra for testing the dtest-api change (which currently use a snapshot build of this). Thanks, Doug Rohrer