THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
-create a GPG key, see:
https://www.apache.org/dev/release-signing.html
-for each zip file ($ZIP) do:
gpg --armor --output $ZIP.asc --detach-sig $ZIP
E.g.:
for ZIP in *.zip; do gpg --armor --output $ZIP.asc --detach-sig $ZIP; done
or
for shafile in `find . -name '*.sha1' `; do plainfile=${shafile%.sha1}; gpg --armor --output $plainfile.asc --detach-sig $plainfile; done;
-verify the signatures:
gpg --verify $ZIP.asc $ZIP
E.g.:
for ZIP in *.zip; do gpg --verify $ZIP.asc $ZIP; done
...