...
- Open a shell window. If using Windows, open a cygwin window.
Info - The generated keys are stored in:
- *nix - $HOME/.gnupg
- Windows XP - %HOME%\Application Data\gnupg
- Windows 7 - C:\ProgramData\GNU\etc\gnupg
- "gpg --version" shows GnuPG's home location.
- Follow the latest steps and guides on the ASF website at http://www.apache.org/dev/openpgp.html#generate-key: you need to disable the use of SHA1, and new keys should be 4096 bits. Append the following text to gpg.conf.
```
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
```
- If you are using an existing gpg certificate, update your current certificate with the above preference using:
```
leealber@jpadev:~/.gnupg$ gpg --edit-key Albert Lee
Secret key is available.

pub  1024D/8007117F  created: 2007-11-05  expires: never  usage: SC
                     trust: ultimate      validity: ultimate
sub  2048g/8D910F8A  created: 2007-11-05  expires: never  usage: E
[ultimate] (1). Albert Lee (CODE SIGNING KEY) <allee8285@apache.org>

Invalid command (try "help")

Command> showpref
[ultimate] (1). Albert Lee (CODE SIGNING KEY) <allee8285@apache.org>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

Command> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
Set preference list to:
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
Really update the preferences? (y/N) y

pub  1024D/8007117F  created: 2007-11-05  expires: never  usage: SC
                     trust: ultimate      validity: ultimate
sub  2048g/8D910F8A  created: 2007-11-05  expires: never  usage: E
[ultimate] (1). Albert Lee (CODE SIGNING KEY) <allee8285@apache.org>

Command>
```
SHA1 and 3DES remain at the end of the Digest and Cipher lists after setpref because OpenPGP makes them mandatory and GnuPG always appends them as the last choice; their presence does not mean the update failed.
- Generate a key-pair with gpg, using the default key kind ("DSA and Elgamal") and ELG-E key size (2048).
The program's default values should be fine. For the "Real Name" enter your full name (e.g. Stan Programmer). For the "e-mail address" enter your apache address (e.g. sprogrammer@apache.org). You will also be required to enter a "passphrase" for the GPG key generation. Keep track of this, as you will need it for the Release processing.
```
$ gpg --gen-key
```
Info - Save the contents of this subdirectory to safe media. It contains the private key used to sign all the release materials.
- Back up your cygwin home directory to other media.
- Append your public key to https://svn.apache.org/repos/asf/openjpa/KEYS and http://www.apache.org/dist/openjpa/KEYS. See the commands described at the beginning of this KEYS file to perform this task. The gpg key-pair is used to sign the published artifacts for the releases.
```
$ ( gpg --list-sigs <Real Name> && gpg --armor --export <Real Name> ) >> KEYS
```
Info - The https://svn.apache.org/repos/asf/openjpa/KEYS file is updated via normal svn commit procedures.
```
svn co https://svn.apache.org/repos/asf/openjpa --depth empty
cd openjpa
svn up KEYS
( gpg --list-sigs <Real Name> && gpg --armor --export <Real Name> ) >> KEYS
svn commit KEYS --message "update gpg public key for ME."
```
- The one under www.apache.org/dist/ has to be manually updated.
```
scp KEYS yourid@people.apache.org:/www/www.apache.org/dist/openjpa/KEYS
```
- Submit your public key to a key server. E.g. http://pgp.surfnet.nl:11371/ or http://pgp.mit.edu/
- Follow the instructions at http://people.apache.org/~henkp/trust/ and ask multiple (at least 3) current Apache committers to sign your public key.
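A check for the gpg.conf directives and key strength asked for in the key-setup steps above. This is an added example, not part of the original page or of ASF tooling; the function names and the sample listing are constructed. It reads the colon-delimited output of `gpg --list-keys --with-colons`, where field 3 is the key length, field 4 the algorithm id (17 = DSA, 1 = RSA) and field 5 the key id.

```shell
#!/bin/sh
# Added example: audit gpg.conf and a key listing against this page's settings.

# check_gpg_conf FILE: report directives from this page that are missing or weak.
# Returns 0 when all three are present and SHA1 is not named in the preference list.
check_gpg_conf() {
    rc=0
    for want in "personal-digest-preferences SHA512" "cert-digest-algo SHA512"; do
        grep -Eq "^[[:space:]]*${want}[[:space:]]*\$" "$1" || { echo "missing: $want"; rc=1; }
    done
    pref=$(grep -E '^[[:space:]]*default-preference-list[[:space:]]' "$1" | tail -n 1)
    if [ -z "$pref" ]; then
        echo "missing: default-preference-list"; rc=1
    elif printf '%s\n' "$pref" | grep -qw 'SHA1'; then
        echo "weak: SHA1 named in default-preference-list"; rc=1
    fi
    return $rc
}

# weak_keys MINBITS: read `gpg --list-keys --with-colons` output on stdin and
# print "keyid bits algo" for each primary key that is DSA (algo id 17) or
# shorter than MINBITS.
weak_keys() {
    awk -F: -v min="$1" '$1 == "pub" && ($4 == 17 || $3 + 0 < min + 0) { print $5, $3, $4 }'
}

# Constructed sample listing (key ids are made up): a 1024-bit DSA key with a
# 2048-bit Elgamal subkey, like the 2007 key in the session above, and a
# 4096-bit RSA key.
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAAA:1194220800:::u:::scESC:
uid:u::::1194220800::0000000000000000000000000000000000000000::Old Key <old@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1194220800::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1388534400:::u:::scESC:
uid:u::::1388534400::1111111111111111111111111111111111111111::New Key <new@example.org>:
EOF
}

# Real use: gpg --list-keys --with-colons | weak_keys 4096
sample_listing | weak_keys 4096
```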
...
- Create a settings.xml under .m2
```xml
<settings xmlns="http://maven.apache.org/POM/4.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <servers>
    <!-- SCP settings for people.apache.org -->
    <server>
      <id>people.apache.org</id>
      <username>$USERNAME</username>
      <privateKey>$PATH_TO_PRIVATE_KEY</privateKey>
      <passphrase>$SSH_PASSPHRASE</passphrase>
      <directoryPermissions>775</directoryPermissions>
      <filePermissions>644</filePermissions>
      <!-- The following is for Windows only
      <configuration>
        <sshExecutable>plink</sshExecutable>
        <scpExecutable>pscp</scpExecutable>
        <scpArgs>-2Bp</scpArgs>
        <sshArgs>-2</sshArgs>
      </configuration>
      -->
    </server>
    <!-- ASF Nexus settings -->
    <server>
      <id>apache.snapshots.https</id>
      <username>$USERNAME</username>
      <password>$APACHE_LDAP_PWD</password>
    </server>
    <server>
      <id>apache.releases.https</id>
      <username>$USERNAME</username>
      <password>$APACHE_LDAP_PWD</password>
    </server>
  </servers>
  <profiles>
    <profile>
      <id>apache-release</id>
      <properties>
        <gpg.passphrase>$GPG_PASSPHRASE</gpg.passphrase>
        <!-- The site.deploy.url property MUST be specified in this profile if you
             process the release in a Windows environment, or if your *nix user id
             does not match your Apache user id -->
        <site.deploy.user.name>$USERNAME</site.deploy.user.name>
        <site.deploy.url>scp://people.apache.org/home/$USERNAME/public_html/openjpa/${project.version}/staging-site</site.deploy.url>
      </properties>
    </profile>
    <profile>
      <id>gpg-passphrase</id>
      <properties>
        <gpg.passphrase>$GPG_PASSPHRASE</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
</settings>
```
Info - $USERNAME is the remote username on people.apache.org, not your local userid.
- $PATH_TO_PRIVATE_KEY is the path to the private key generated for ssh, e.g. /home/yourLocalUserId/.ssh/id_rsa. Windows cygwin users need to enter the full cygwin path: /cygdrive/c/cygwin/home/yourLocalUserId/.ssh/id_rsa.
- $SSH_PASSPHRASE is the passphrase for the supplied $PATH_TO_PRIVATE_KEY. If you don't use this in your settings.xml file, then you will be prompted for it during the Release processing.
- $GPG_PASSPHRASE is the passphrase for the GPG key.
- $APACHE_LDAP_PWD is your Apache LDAP password, which is shared between SVN and password login for people.apache.org.
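A check for the settings.xml described above, which holds the SSH passphrase, the Apache LDAP password and the GPG passphrase. This is an added example, not part of the original page or of Maven; the function names and the sample file are constructed. It reports secret elements whose value is literal rather than in the brace-wrapped form written by Maven's password encryption, and a file mode that gives group or others any access.

```shell
#!/bin/sh
# Added example: flag literal secrets and loose permissions in a Maven settings.xml.

# plaintext_secrets FILE: print the name of each <password>, <passphrase> or
# <gpg.passphrase> element whose value does not start with "{". Line-based:
# assumes one element per line and also reports elements inside XML comments.
plaintext_secrets() {
    sed -n -E 's/.*<(password|passphrase|gpg\.passphrase)>[^<{][^<]*<\/.*/\1/p' "$1" | sort -u
}

# loose_mode FILE: succeed when group or others hold any permission bit.
loose_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# audit_settings FILE: print findings; return 1 if there are any.
audit_settings() {
    found=0
    for name in $(plaintext_secrets "$1"); do
        echo "plaintext <$name> in $1"; found=1
    done
    if loose_mode "$1"; then
        echo "$1 is accessible to group/others; chmod 600 it"; found=1
    fi
    return $found
}

# Constructed sample: one literal password, one value in encrypted form.
sample_settings() {
    cat <<'EOF'
<settings>
  <servers>
    <server><id>apache.releases.https</id>
      <password>constructed-literal</password>
    </server>
    <server><id>people.apache.org</id>
      <passphrase>{constructedEncryptedBlob=}</passphrase>
    </server>
  </servers>
</settings>
EOF
}

demo=$(mktemp)
sample_settings > "$demo"
chmod 644 "$demo"
audit_settings "$demo" || true    # real use: audit_settings ~/.m2/settings.xml
rm -f "$demo"
```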