How to Build a Release of OpenMeetings

Required tools

To build a binary release of OpenMeetings you need:

Prepare your Apache ID

Every release package must be signed with a PGP/GPG key.
So if you want to release a package your Apache Id must be connected with a PGP key!

You might follow:

In short:
Create PGP key pairs (private + public) (and I recommend creating a Revoke Cert)
Upload the public key (either bei using the PGP Tool that you use to create the key) or by using the web form to:
Add the fingerprint string (something like "BF13 CF11 F9C9 0CBE 4413 09AB 0055 16BF 93A3 0395") to your profile at
Wait for 6-8 hours, the server will search for a public key based on your fingerprint, if success it will create a file with your name at:

If that is "success" then add your key to:
and follow the instructions in the file.

Step1 - Prepare files

Check that all files:
are up to date and refer to the right version.

Create a TAG of the SVN tree that you would like to release

svn copy -r1453158 \ \
	-m "3.1.0 Release candidate 1"

Get the source from your TAG:

svn checkout$BRANCHORTAG/

$BRANCHORTAG should be replaced with your new TAG

Update versions of all modules

mvn versions:set -DgenerateBackupPoms=false -DnewVersion=3.1.0

Run the command:

mvn clean install -Prelease

Test building the source on windows and OSx or Linux

Test running the binary's

Commit artifacts you have created with KEYS file to the Proposed file structure for "Release Candidate 1" of 3.1.0 will be:


Step2 - VOTE and RESULT emails

Send a "VOTE" to the developer mailing list including links to release artifacts.
A VOTE always contains two parts:
Send an email to the developer mailing list with the subject line:
[VOTE] Apache OpenMeetings x.xx release
An example for such an email: example Vote email example Vote email (Incubator)
Forward (Not CC) this Vote email to:

After the vote is over, send a "RESULT" email to the list with the subject line:
[RESULT][VOTE] Apache OpenMeetings x.xx release
An example for such an email: example Result email
Forward (Not CC) this RESULT VOTE email to:

Votes on whether a package is ready to be released use majority approval -- i.e., at least three PMC members must vote affirmatively for release, and there must be more positive than negative votes. Releases may not be vetoed. Before voting +1 PMC members are required to download the signed source code package, compile it as provided, and test the resulting executable on their own platform, along with also verifying that the package meets the requirements of the ASF policy on releases.

Step3 - Sign web start application

If VOTEs positive: Sign screen sharing web application and re-pack the release

  • Go to the folder you check out:$BRANCHORTAG/
  • Unarchive openmeetings-server/target/apache-openmeetings-$BRANCHORTAG.tar.gz
    cd openmeetings-server/target
    mkdir apache-openmeetings
    cd apache-openmeetings
    tar -xzf ../apache-openmeetings-$BRANCHORTAG.tar.gz
    cd webapps/openmeetings/screenshare/
    mvn org.codehaus.mojo:webstart-maven-plugin:1.0-beta-8-SNAPSHOT:unsign -Dmaven.jar.unsign.jarpath=.
  • Check any jar in webapps/openmeetings/screenshare/: Its META-INF/MANIFEST.MF file should NOT contain SHA1-Digest entries for classes
  • Go to
  • Select "Signing Sets"
  • Select "Add signing set"
  • Enter "Signing set name" (must include "Apache Openmeetings" and version) for ex. "Apache Openmeetings 3.1.0-RELEASE"
  • Enter "Version" for ex. "3.1.0-RELEASE"
  • Select "Java Signing" as "Signing service"
  • Select "Upload files" and add all jar files from openmeetings-server/target/apache-openmeetings/webapps/openmeetings/screenshare
  • Select "Sign now"
  • Select "Type of signing" -> "Production"
  • Select "Sign"
  • Select "Download set"
  • Open binary artifacts of OM created on previous step (both tar.gz and zip)
  • Replace jar files inside artifacts webapps/openmeetings/screenshare with the signed ones
  • Re-create artifact signatures

    Create sha256sum checksums

    #On OSX you might use this command to make a SHA checksum and store it to a file
    shasum -a 256 -r >
    #To create SHA hashes On Ubuntu:
    for f in `ls -1 *.tar.gz *.zip`; do sha256sum $f > $f.sha256; done
    #To check SHA hashes On Ubuntu:
    for f in `ls -1 *.tar.gz *.zip`; do sha256sum -c $f.sha256; done

    Create signatures with the your KEY for every file, the KEY must be available at:

    #To create signatures On Ubuntu:
    for f in `ls -1 *.tar.gz *.zip`; do gpg --armor --output $f.asc --detach-sig $f; done
    #To check signatures On Ubuntu:
    for f in `ls -1 *.tar.gz *.zip`; do gpg --verify $f.asc; done

NOTE: "Type of signing" can be selected as "Test" to check everything works as expected

Step4 - Distribute and announce

If VOTEs positive: Upload the release

Upload Artifacts with signatures created on the previous steps to

Wait 24 hours (until all Apache mirrors have synced the packages) and send an announcement to the mailing list + blog and any other channel.

Email announcements should have the subject line:
[ANNOUNCE] Apache OpenMeetings x.xx released

Update release section of DOAP file site/trunk/doap.rdf (

Add a section to downloads website.
Make sure that the binary packages are linked using the mirror URL as base path ( not
Mirror URL:

Release candidates should be deleted from
Old releases should be deleted from