Comment: Migrated to Confluence 5.3

...

  1. Open a shell window. If using Windows, open a cygwin window.
    Info
    • The generated keys are stored in:
      • *nix - $HOME/.gnupg
      • Windows XP - %HOME%\Application Data\gnupg
      • Windows 7 - C:\ProgramData\GNU\etc\gnupg
    • "gpg --version" shows GnuPG's home location.
    • Follow the latest steps and guides on the ASF website at http://www.apache.org/dev/openpgp.html#generate-key: SHA1 must be disabled and new keys should be 4096 bits. Append the following text to gpg.conf.
      personal-digest-preferences SHA512
      cert-digest-algo SHA512
      default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
      
      • If you are using an existing gpg certificate, update your current certificate with the above preference using:
        leealber@jpadev:~/.gnupg$ gpg --edit-key Albert Lee
        Secret key is available.
        
        pub  1024D/8007117F  created: 2007-11-05  expires: never       usage: SC  
                             trust: ultimate      validity: ultimate
        sub  2048g/8D910F8A  created: 2007-11-05  expires: never       usage: E   
        [ultimate] (1). Albert Lee (CODE SIGNING KEY) <allee8285@apache.org>
        
        Invalid command  (try "help")
        
        Command> showpref
        [ultimate] (1). Albert Lee (CODE SIGNING KEY) <allee8285@apache.org>
             Cipher: AES256, AES192, AES, CAST5, 3DES
             Digest: SHA512, SHA384, SHA256, SHA224, SHA1
             Compression: ZLIB, BZIP2, ZIP, Uncompressed
             Features: MDC, Keyserver no-modify
        
        Command> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
        Set preference list to:
             Cipher: AES256, AES192, AES, CAST5, 3DES
             Digest: SHA512, SHA384, SHA256, SHA224, SHA1
             Compression: ZLIB, BZIP2, ZIP, Uncompressed
             Features: MDC, Keyserver no-modify
        Really update the preferences? (y/N) y
        
        pub  1024D/8007117F  created: 2007-11-05  expires: never       usage: SC  
                             trust: ultimate      validity: ultimate
        sub  2048g/8D910F8A  created: 2007-11-05  expires: never       usage: E   
        [ultimate] (1). Albert Lee (CODE SIGNING KEY) <allee8285@apache.org>
        
        Command>
  2. Generate a key-pair with gpg, using the default key kind ("DSA and Elgamal") and ELG-E key size (2048).
    $ gpg --gen-key
    
    The program's default values should be fine. For the "Real Name", enter your full name (e.g. Stan Programmer). For the "e-mail address", enter your apache address (e.g. sprogrammer@apache.org). You will also be required to enter a "passphrase" for the GPG key generation. Keep track of it, as you will need it for the Release processing.
    Info
    • Save the content of this subdirectory to safe media. It contains your private key, which is used to sign all the release materials.
  3. Back up your cygwin home directory to other media.
  4. Append your public key to https://svn.apache.org/repos/asf/openjpa/KEYS and http://www.apache.org/dist/openjpa/KEYS. See the commands described at the beginning of this KEYS file to perform this task. The gpg key-pair is used to sign the published artifacts for the releases.
    $ ( gpg --list-sigs <Real Name> && gpg --armor --export <Real Name> ) >> KEYS
    
    Info
    • The https://svn.apache.org/repos/asf/openjpa/KEYS file is updated via normal svn commit procedures.
      svn co https://svn.apache.org/repos/asf/openjpa --depth empty
      cd openjpa
      svn up KEYS
      ( gpg --list-sigs <Real Name> && gpg --armor --export <Real Name> ) >> KEYS
      svn commit KEYS --message "update gpg public key for ME."
      
    • The one under www.apache.org/dist/ has to be manually updated.
      scp KEYS yourid@people.apache.org:/www/www.apache.org/dist/openjpa/KEYS
      
  5. Submit your public key to a key server. E.g. http://pgp.surfnet.nl:11371/ or http://pgp.mit.edu/
  6. Follow the instructions at http://people.apache.org/~henkp/trust/ and ask multiple (at least 3) current Apache committers to sign your public key.
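
A check for the guidance in step 1 (SHA512-first digest preferences, 4096-bit keys), given as an added example that is not part of the original page. It reads `gpg --with-colons --list-keys` output and gpg.conf text; the sample inputs and key ids are constructed.

```python
# Added example: audits a GnuPG setup against the guidance in step 1.
# Inputs: `gpg --with-colons --list-keys` output and the text of gpg.conf.

# OpenPGP public-key algorithm ids whose strength is governed by key length.
SIZED_ALGOS = {"1": "RSA", "16": "Elgamal", "17": "DSA"}
MIN_BITS = 4096  # size the page asks for on new keys
REQUIRED_OPTIONS = ("personal-digest-preferences", "cert-digest-algo",
                    "default-preference-list")

def weak_primary_keys(colon_listing):
    """Return (keyid, algorithm, bits) for primary keys shorter than MIN_BITS."""
    weak = []
    for line in colon_listing.splitlines():
        f = line.split(":")
        # pub record: field 3 = key length, field 4 = algorithm, field 5 = key id
        if f[0] == "pub" and len(f) > 4 and f[3] in SIZED_ALGOS:
            if int(f[2]) < MIN_BITS:
                weak.append((f[4], SIZED_ALGOS[f[3]], int(f[2])))
    return weak

def digest_options_not_sha512(gpg_conf_text):
    """Return the page's gpg.conf options that are missing or do not lead with SHA512."""
    seen = {}
    for line in gpg_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if parts and parts[0] in REQUIRED_OPTIONS:
            seen[parts[0]] = parts[1:]
    return [opt for opt in REQUIRED_OPTIONS
            if not seen.get(opt) or seen[opt][0].upper() != "SHA512"]

# Constructed sample inputs (key ids are placeholders, not real keys).
SAMPLE_KEYS = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1194220800:::u:::scESC:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1194220800::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1400000000:::u:::scESC:
"""
SAMPLE_CONF = """\
# constructed gpg.conf fragment
personal-digest-preferences SHA512
cert-digest-algo SHA1
"""

if __name__ == "__main__":
    print("weak keys:", weak_primary_keys(SAMPLE_KEYS))
    print("options to fix:", digest_options_not_sha512(SAMPLE_CONF))
```

Only primary (`pub`) records are judged, and elliptic-curve keys are skipped because their strength is not expressed by the length field.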

...

  1. Create a settings.xml under .m2

     

    <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
        <servers>
           <!-- SCP settings for people.apache.org -->
           <server>
              <id>people.apache.org</id>
              <username>$USERNAME</username>
              <privateKey>$PATH_TO_PRIVATE_KEY</privateKey>
              <passphrase>$SSH_PASSPHRASE</passphrase>
              <directoryPermissions>775</directoryPermissions>
              <filePermissions>644</filePermissions>
              <!-- the following is for Windows only
              <configuration>
                  <sshExecutable>plink</sshExecutable>
                  <scpExecutable>pscp</scpExecutable>
                  <scpArgs>-2Bp</scpArgs>
                  <sshArgs>-2</sshArgs>
              </configuration>
              -->
           </server>
           <!-- ASF Nexus settings -->
           <server>
               <id>apache.snapshots.https</id>
               <username>$USERNAME</username>
               <password>$APACHE_LDAP_PWD</password>
           </server>
           <server>
               <id>apache.releases.https</id>
               <username>$USERNAME</username>
               <password>$APACHE_LDAP_PWD</password>
           </server>
        </servers> 
        <profiles>
            <profile>
                <id>apache-release</id>
                <properties>
                    <gpg.passphrase>$GPG_PASSPHRASE</gpg.passphrase>
                    <!-- The site.deploy.url property MUST be specified in this profile if you process the release in a Windows environment,
                         or if your *nix user id does not match your Apache user id -->
                    <site.deploy.user.name>$USERNAME</site.deploy.user.name>
                    <site.deploy.url>scp://people.apache.org/home/$USERNAME/public_html/openjpa/${project.version}/staging-site</site.deploy.url>
                </properties>
            </profile>
            <profile>
                <id>gpg-passphrase</id>
                <properties>
                    <gpg.passphrase>$GPG_PASSPHRASE</gpg.passphrase>
                </properties>
            </profile>
        </profiles>
    </settings>
    
    Info
    • $USERNAME is the remote username on people.apache.org, not your local userid.
    • $PATH_TO_PRIVATE_KEY is the path to the private key generated for ssh. E.g. /home/yourLocalUserId/.ssh/id_rsa. For Windows' cygwin users, you will need to enter the full cygwin path: /cygdrive/c/cygwin/home/yourLocalUserId/.ssh/id_rsa.
    • $SSH_PASSPHRASE is the passphrase for the supplied $PATH_TO_PRIVATE_KEY. If you don't set it in your settings.xml file, you will be prompted for it during the Release processing.
    • $GPG_PASSPHRASE is the passphrase for the GPG key.
    • $APACHE_LDAP_PWD is your Apache LDAP password, which is shared between SVN and password login for people.apache.org.
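
The settings.xml above holds the SSH, LDAP and GPG secrets as literal text, so the file itself needs auditing. The following is an added example, not part of the original page: it lists secrets stored in readable form and checks the file mode. The sample document and its values are constructed, and the `{...}` test assumes Maven's password-encryption format for `<server>` entries.

```python
# Added example: finds readable secrets in a Maven settings.xml.
import os
import xml.etree.ElementTree as ET

SECRET_TAGS = {"password", "passphrase", "gpg.passphrase"}

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def plaintext_secrets(settings_xml):
    """Return (container, id, tag) for each secret stored as readable text."""
    findings = []
    for box in ET.fromstring(settings_xml).iter():
        kind = _local(box.tag)
        if kind not in ("server", "profile"):
            continue
        box_id = next((c.text for c in box if _local(c.tag) == "id"), "?")
        for el in box.iter():
            value = (el.text or "").strip()
            if _local(el.tag) not in SECRET_TAGS or not value:
                continue
            # Maven decrypts {...} values on <server> entries only; a profile
            # property is always used literally, so it counts as readable.
            encrypted = (kind == "server" and value.startswith("{")
                         and value.endswith("}"))
            if not encrypted:
                findings.append((kind, box_id, _local(el.tag)))
    return findings

def readable_by_others(path):
    """True if group or other holds any permission bit on the file (POSIX modes)."""
    return bool(os.stat(path).st_mode & 0o077)

# Constructed sample: one plaintext SSH passphrase, one encrypted server
# password, one plaintext GPG passphrase property.
SAMPLE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server><id>people.apache.org</id><passphrase>constructed-ssh-pass</passphrase></server>
    <server><id>apache.releases.https</id><password>{constructedCiphertext=}</password></server>
  </servers>
  <profiles><profile><id>apache-release</id>
    <properties><gpg.passphrase>constructed-gpg-pass</gpg.passphrase></properties>
  </profile></profiles>
</settings>"""

if __name__ == "__main__":
    for finding in plaintext_secrets(SAMPLE):
        print("plaintext secret:", *finding)
```

Leaving `<passphrase>` and `gpg.passphrase` out of the file, which the notes above say results in a prompt for the SSH passphrase, removes those findings; `chmod 600 ~/.m2/settings.xml` clears the mode check.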