...

You need to create a PGP key and upload it to public servers. Apache sites pick up the certificate from public repositories once a day. We strongly suggest that you read through this page first: https://www.apache.org/dev/release-signing.html. Here are the steps involved.

Creating the key

On Mac OS, use gpg and on Linux use gpg2 to generate the key. The GPG key has to be associated with the Apache email address. You can create the GPG key with the following command. Note that the key length should be 4096 bits. See the example below:

```bash
$ gpg2 --full-generate-key
gpg (GnuPG) 2.1.22; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096

Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)

Key does not expire at all
Is this correct? (y/N) y

...

gpg: key 2C9B34D6A54AAFAE marked as ultimately trusted
...
```

...

  1. Upload the GPG public key to a public key server (use one of the following two: http://pool.sks-keyservers.net:11371/ and http://keyserver.ubuntu.com:11371, as they are used by the Apache Nexus server). Copy the following command's output (everything between the lines that begin and end the public key block, including the BEGIN and END lines) to the "Submit a key" box and click the submit button. http://pgp.mit.edu. You can also upload it to other sites (see https://www.apache.org/dev/release-signing.html#keyserver for some servers, and also a command-line way to send the key to public servers).

    ```bash
    $ gpg --export --armor $GPG_KEY

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    ...
    -----END PGP PUBLIC KEY BLOCK-----
    ```


  2. Update key fingerprint at https://id.apache.org. Type the command given below to display the fingerprint of the key.

    ```bash
    $ gpg --fingerprint $GPG_KEY
    ```

    Copy the hex numbers (e.g. "0D9E 9997 4D5A 59F1 7183 362F 2C9B 34D6 A54A AFAE") to the "OpenPGP Public Key Primary Fingerprint" box and submit the change.

  3. Update KEYS file under pinot-release-dist

    ```bash
    cd pinot-release-dist
    # Append the public key to the KEYS file
    gpg --list-sigs "$GPG_KEY" >> KEYS && gpg --armor --export "$GPG_KEY" >> KEYS

    # Commit the change
    svn commit -m "Update Pinot KEYS file for $GPG_KEY"
    ```
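
Before uploading, the key can be checked against the requirements stated above (RSA, 4096 bits, an Apache email address) and its fingerprint printed in the grouped form that step 2 asks for. This is an added example, not part of the original instructions: the function names `sample_key` and `check_release_key` are hypothetical, the `@apache.org` domain is assumed to be what "Apache email address" means, and the sample listing is constructed (only the key ID and fingerprint come from this page).

```shell
#!/usr/bin/env bash
# Added example (not from the Pinot release docs): pre-upload sanity check of a key.

# Constructed sample of `gpg --with-colons --fingerprint "$GPG_KEY"` output.
# Key ID and fingerprint are the ones printed on this page; the uid, timestamps
# and subkey values are made up for illustration.
sample_key() {
  cat <<'EOF'
pub:u:4096:1:2C9B34D6A54AAFAE:1510000000:::u:::scESC::::::23::0:
fpr:::::::::0D9E99974D5A59F17183362F2C9B34D6A54AAFAE:
uid:u::::1510000000::0000000000000000000000000000000000000000::Jane Doe <jdoe@apache.org>::::::::::0:
sub:u:4096:1:1111111111111111:1510000000::::::e::::::23:
fpr:::::::::2222222222222222222222222222222222222222:
EOF
}

# Reads a colon-format key listing on stdin. Prints the primary fingerprint in
# groups of four hex digits; returns non-zero if the primary key is not RSA
# (algorithm 1), is shorter than 4096 bits, or has no @apache.org user ID.
check_release_key() {
  awk -F: '
    $1 == "pub" { bits = $3; algo = $4 }           # field 3: length, field 4: algorithm
    $1 == "fpr" && prev == "pub" { fpr = $10 }     # skip subkey fingerprints
    $1 == "uid" && $2 != "r" && $10 ~ /@apache\.org>$/ { apache_uid = 1 }
    { prev = $1 }
    END {
      if (algo != 1)       { print "FAIL: primary key is not RSA" > "/dev/stderr"; bad = 1 }
      if (bits + 0 < 4096) { print "FAIL: key is " bits " bits, need 4096" > "/dev/stderr"; bad = 1 }
      if (!apache_uid)     { print "FAIL: no @apache.org user ID" > "/dev/stderr"; bad = 1 }
      if (fpr == "")       { print "FAIL: no primary fingerprint found" > "/dev/stderr"; bad = 1 }
      for (i = 1; i <= length(fpr); i += 4) {
        sep = (i > 1 ? " " : "")
        out = out sep substr(fpr, i, 4)
      }
      print out
      exit bad + 0
    }'
}

# Demo on the constructed sample; for a real key run:
#   gpg --with-colons --fingerprint "$GPG_KEY" | check_release_key
sample_key | check_release_key
```
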


After following steps 1-3, you should have the following (after a delay of at most 24 hours, since certificates are synced from the public servers once a day). If your key or the fingerprint of the key does not show up correctly, go back and verify the steps above. Did the key satisfy the SHA512 requirement? Can you try uploading it to other public servers?

...