...
# Signing a release
gpg -u YOUR_APACHE_USER_NAME@apache.org --armor --output apache-quickstep-incubating-x.y.z.tar.gz.asc --detach-sign apache-quickstep-incubating-x.y.z.tar.gz
# Make sure it worked
gpg --verify apache-quickstep-incubating-x.y.z.tar.gz.asc apache-quickstep-incubating-x.y.z.tar.gz
# Make checksums
md5sum apache-quickstep-incubating-x.y.z.tar.gz > apache-quickstep-incubating-x.y.z.tar.gz.md5
sha1sum apache-quickstep-incubating-x.y.z.tar.gz > apache-quickstep-incubating-x.y.z.tar.gz.sha
# Make sure they worked
md5sum --check apache-quickstep-incubating-x.y.z.tar.gz.md5
sha1sum --check apache-quickstep-incubating-x.y.z.tar.gz.sha
Signing another Committer's key
gpg --list-keys
# now copy your apache key ID.
# Let's pretend that you're verifying Marc's key. This means you have already added Marc's public key
gpg -u YOUR_KEYID --sign-key spehl@apache.org
# Now send Marc's updated information
# notice that 5A29899A is Marc's key ID
gpg --keyserver keyserver.ubuntu.com --send-key 5A29899A
# you have now verified that Marc's key is from Marc
# The --keyserver is optional, but then you must have a valid default
Related articles
Content by Label | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...