THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Download gnupg2
- Generate your PGP Key (refer: http://www.apache.org/dev/openpgp.html) so that maven-release-plugin can sign your built artifacts when do release:perform
- How To Avoid SHA-1
- How To Generate a Strong Key
- Update Maven's settings.xml with following:
Code Block xml xml <settings> ... <profiles> <profile> <id>apache-release</id> <properties> <gpg.passphrase> <!-- YOUR KEY PASSPHRASE --> </gpg.passphrase> </properties> </profile> </profiles> ... </settings>
- Meanwhile, append your public key to https://svn.apache.org/repos/asf/geronimo/KEYS and people.apache.orghttps:/www/wwwdist.apache.org/repos/dist/release/geronimo/KEYS so that user can verify the artifacts you released.
- gpg --gen-key
- RSA and RSA (default), 4096
- gpg --list-sigs "xxxxxx" && gpg --armor --export "xxxxxx" > xxxxxx.key
- "cat" your public key to above KEYS file
- gpg --gen-key
...