THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Open a shell window. If using Windows, open a cygwin window.
- Use ssh-keygen to create an SSH key.
Note - Follow the latest steps and guides on the ASF website at http://www.apache.org/dev/openpgp.html#generate-key as you need to disable using SHA1 and new keys should be 4096 bits.
- ssh-keygen dsa key type only accept 1024 bits; use rsa / 4096 bits instead and adjust all the id_dsa* reference to id_rsa*.
Program defaults should be fine. No passphrase is required for the ssh key generation. The keys will be saved in ~/.ssh/id_Code Block none none $ ssh-keygen -t dsarsa -b 4096
...
- rsa (private) and ~/.ssh/id_
...
- rsa.pub (public).
Info See Authenticating By Public Key (OpenSSH) for a good description on why and how to perform this task.
scp
your SSH public key ~/.ssh/id_dsarsa.pub created in last step to ~/id_dsarsa.pub on people.apache.org.Code Block none none $ cd ~/.ssh $ scp id_dsarsa.pub <your userid>@people.apache.org:id_dsarsa.pub $ You will be prompted for your password.
- Use ssh to login to people.apache.org
At this point, you will still be prompted for your password.Code Block none none $ cd ~ $ ssh <your userid>@people.apache.org
- Create a ~/.ssh folder in your home directory on people.apache.org and change its file mode to 700.
Code Block none none $ mkdir ~/.ssh $ chmod 700 ~/.ssh
- Move or append ~/id_dsarsa.pub to ~/.ssh/authorized_keys and change its file mode to 600.
Code Block none none $ mv ~/id_rsa.pub ~/.ssh/authorized_keys or $ cat ~/id_dsarsa.pub >> ~/.ssh/authorized_keys $ chmod 600 ~/.ssh/authorized_keys
Info - Each public key in the
authorized_keys
spans only one line.- For example: "
ssh-dss AAAAB3NzaC1kc3MAAA ..... agBmmfZ9uAbSqA== dsa-key-20071107
"
- For example: "
- '#' in the first column is a comment line.
- Each public key in the
- Exit out of this ssh session.
- Start a new ssh session. No login should be required this time due to the private ssh key on your local box matching up with the public ssh key in your home directory (~/.ssh).
Code Block none none $ ssh <your userid>@people.apache.org
Info If you are still prompted for a password, then you have not set up the ssh keys properly. Review the steps above and ensure that all of the steps were followed properly. Or, maybe the instructions are still not quite right and they still need some adjusting. In that case, please update the instructions accordingly.
...
- Open a shell window. If using Windows, open a cygwin window.
Info - The generated keys are stored in:
- *nix - $HOME/.gnupg
- Windows XP - %HOME%\Application Data\gnupg
- Windows 7 - C:\ProgramData\GNU\etc\gnupg
- "gpg --version" shows the GnuPG's home location.
- Follow the latest steps and guides on the ASF website at http://www.apache.org/dev/openpgp.html#generate-key as you need to disable using SHA1 and new keys should be 4096 bits. Append the following text to gpg.conf.
Code Block none none personal-digest-preferences SHA512 cert-digest-algo SHA512 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
- The generated keys are stored in:
- Generate a key-pair with gpg, using default key kind ("DSA and Elgamal") and ELG-E keys size (2048).
The program's default values should be fine. For the "Real Name" enter your full name (ie. Stan Programmer). For the "e-mail address" enter your apache address (ie. sprogrammer@apache.org). You will also be required to enter a "passphrase" for the GPG key generation. Keep track of this as you will need this for the Release processing.Code Block none none $ gpg --gen-key
Info
...
- Save the content in this subdirectory to a safe media. This contains your private key used to sign all the release materials.
- Backup your cygwin home directory to another media ||
- Append your public key to
https://svn.apache.org/repos/asf/openjpa/KEYS
andhttp://www.apache.org/dist/openjpa/KEYS
. See the commands describe at the beginning of this KEYS file to perform this task. The gpg key-pair is used to sign the published artifacts for the releases.Code Block none none $ ( gpg --list-sigs <Real Name> && gpg --armor --export <Real Name> ) >> KEYS
Info - The
https://svn.apache.org/repos/asf/openjpa/KEYS
file is updated via normal svn commit procedures.Code Block svn co https://svn.apache.org/repos/asf/openjpa --depth empty cd openjpa svn up KEYS ( gpg --list-sigs <Real Name> && gpg --armor --export <Real Name> ) >> KEYS svn commit KEYS --message "update gpg public key for ME."
- The one under www.apache.org/dist/ has to be manually updated.
Code Block scp yourid@people.apache.org:/www/www.apache.org/dist/openjpa/KEYS KEYS
- The
- Submit your public key to a key server. E.g. http://pgp.surfnet.nl:11371/ or http://pgp.mit.edu/||
- Following the instructions in http://people.apache.org/~henkp/trust/ and ask multiple (at least 3) current Apache committers to sign your public key.
...