
Because a GPG key is used for releasing, this doc is intended for the Release Manager.

To release a version, e.g. 2.1.0, we need to prepare 3 files:

  • apache-pegasus-2.1.0-source-release.zip # source package
  • apache-pegasus-2.1.0-source-release.zip.asc # digital signature
  • apache-pegasus-2.1.0-source-release.zip.sha512 # checksum

This doc describes how to generate the "digital signature" file, which verifies that the package was signed by the Apache PPMC.

Steps

If this is not your first time configuring the GPG key, please skip to step 4.


1. Install gpg on your system. A Linux distribution usually has gpg preinstalled.

➜ gpg --version


2. Generate a GPG key. Please note the tips marked with # in the output below.

➜ gpg --full-gen-key # the results are shown as follows

gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection? 1 # Must set this value
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096 # Must set this value
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) # Press enter
Key does not expire at all
Is this correct? (y/N) y # Confirm

GnuPG needs to construct a user ID to identify your key.

Real name: Tao Wu # Your full name
Email address: wutao@apache.org # Your apache mail address
Comment: # Leave empty here
You selected this USER-ID:
"Tao Wu <wutao@apache.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O # Confirm
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy. #  It will prompt with a password box. You need to record this password somewhere secure.


gpg: key 654XXXXA91BBXXXX marked as ultimately trusted
gpg: directory '/home/wutao1/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/wutao1/.gnupg/openpgp-revocs.d/45A0XXXF1XXB62663XX673C654EXX8A91XXX5AF.rev' 
public and secret key created and signed.

pub rsa4096 2020-09-05 [SC]
45A0735F19A8B62663AF673C654E588A91BB85AF
uid Tao Wu <wutao@apache.org>
sub rsa4096 2020-09-05 [E]
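
The three release files listed at the top of this page, produced and checked with the key from step 2, as an added example (not part of the original page or the Pegasus release tooling). The function names are hypothetical, and the package path and key fingerprint are passed in by the caller.

```shell
#!/bin/sh
# Added example, not the Pegasus release tooling. The package path and key
# fingerprint are supplied by the caller; function names are hypothetical.

# Write <pkg>.sha512 next to the package, in the format "sha512sum -c" reads.
make_checksum() {
    ( cd "$(dirname "$1")" && f=$(basename "$1") && sha512sum "$f" > "$f.sha512" )
}

# Write <pkg>.asc: an ASCII-armored detached signature made with key $2.
make_signature() {
    gpg --yes --local-user "$2" --armor \
        --output "$1.asc" --detach-sign "$1"
}

# Succeed only if the package still matches its .sha512 file.
verify_checksum() {
    ( cd "$(dirname "$1")" && sha512sum -c "$(basename "$1").sha512" >/dev/null 2>&1 )
}

# Succeed only if the signature is valid AND its primary key fingerprint is
# $2. A bare "gpg --verify" accepts any key in the keyring; VALIDSIG's last
# field is the primary key fingerprint, so compare against that.
verify_signature() {
    status=$(gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null) || return 1
    printf '%s\n' "$status" |
        awk -v fpr="$2" '$2 == "VALIDSIG" && $NF == fpr { ok = 1 } END { exit !ok }'
}

# Usage: sh release-files.sh <package.zip> <40-hex-digit key fingerprint>
if [ "$#" -eq 2 ]; then
    make_checksum "$1" && make_signature "$1" "$2" &&
        verify_checksum "$1" && verify_signature "$1" "$2" &&
        echo "OK: $1, $1.asc and $1.sha512 are consistent"
fi
```

The fingerprint argument must be written without spaces, in the same form gpg prints under the pub line.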


After the
