Versions Compared

Old Version 36

changes.mady.by.user Donald Woods

Saved on

compared with

New Version Current

changes.mady.by.user Donald Woods

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

1

Open a shell window. If using Windows, open a cygwin window.

2

Generate a key-pair with gpg, using default key kind ("DSA and Elgamal") and ELG-E keys size (2048).

Code Block
none
none
$ gpg --gen-key
  • The program's default values should be fine. For the "Real Name" enter your full name (ie. Stan Programmer). For the "e-mail address" enter your apache address (ie. sprogrammer@apache.org). You will also be required to enter a "passphrase" for the GPG key generation. Keep track of this as you will need this for the Release processing.
    Info
    • The generated keys are stored in $HOME/.gnupg or %HOME%\Application Data\gnupg subdirectory.
    • Save the content in this subdirectory to a safe media. This contains your private key used to sign all the OpenJPA release materials.

3

Backup your cygwin home directory to another media

4

Add your public key to https://svn.apache.org/repos/asf/openjpa/site/docs/KEYS and {{

http://www.apache.org/dist/openjpa/KEYSImage Removed

}}. See the commands describe at the beginning of this KEYS file to perform this task. The gpg key-pair is used to sign the published artifacts for the OpenJPA releases.

Code Block
none
none
$ gpg --list-sigs <Real Name> && gpg --armor -- export <Real Name>
Info

The https://svn.apache.org/repos/asf/openjpa/site/docs/KEYS file is updated via normal svn commit procedures. How the http://www.apache.org/dist/openjpa/KEYSImage Removed file gets updated is still a mystery to me...

5

Following the instructions in http://people.apache.org/~henkp/trust/ and ask someone in the OpenJPA project to sign your public key.

6

Submit your public key to a key server. E.g. http://pgp.surfnet.nl:11371/ or http://pgp.mit.edu/

...