Stage the Distribution Binaries

/!\ TODO: Fix paths

The distribution binaries should be copied from <PATH> to /www/people.apache.org/builds/portals-pluto. After copying the builds, make sure you can view them in the staging distribution site

Signing the distribution binaries

Prerequisite: If you have never signed distribution binaries before, generate and add your key to the KEYS file (instructions are at the top of the file). I have found GnuPG to be easy to use.

/!\ TODO: the location of the assemblies need to be updated to the correct location

1. cd into the <PATH> directory. Here's what it looks like:

esm@clue:~pluto-1.1.5/target/assembly/out$ ls
pluto-1.1.5-bin.tar.bz2    pluto-1.1.5-bundle.zip
pluto-1.1.5-bin.tar.gz     pluto-1.1.5-container-bin.tar.bz2
pluto-1.1.5-bin.zip        pluto-1.1.5-container-bin.tar.gz
pluto-1.1.5-bundle.tar.bz2 pluto-1.1.5-container-bin.zip
pluto-1.1.5-bundle.tar.gz  pluto-1.1.5-src.zip

2. Sign the files using gpg. I use this simple one liner:

$ for file in * ; do gpg -a -b $file ; done

3. If you do this correctly you should have a *.asc file for each distribution file. The *.asc file contains the digital signature.

esm@clue:~/pluto-1.1.5/target/assembly/out$ ls
pluto-1.1.5-bin.tar.bz2         pluto-1.1.5-bundle.zip
pluto-1.1.5-bin.tar.bz2.asc     pluto-1.1.5-bundle.zip.asc
pluto-1.1.5-bin.tar.gz          pluto-1.1.5-container-bin.tar.bz2
pluto-1.1.5-bin.tar.gz.asc      pluto-1.1.5-container-bin.tar.bz2.asc
pluto-1.1.5-bin.zip             pluto-1.1.5-container-bin.tar.gz
pluto-1.1.5-bin.zip.asc         pluto-1.1.5-container-bin.tar.gz.asc
pluto-1.1.5-bundle.tar.bz2      pluto-1.1.5-container-bin.zip
pluto-1.1.5-bundle.tar.bz2.asc  pluto-1.1.5-container-bin.zip.asc
pluto-1.1.5-bundle.tar.gz       pluto-1.1.5-src.zip
pluto-1.1.5-bundle.tar.gz.asc   pluto-1.1.5-src.zip.asc

4. We seem to also be adding md5 sums as well as digital signatures. You can use md5sum <filename> or openssl md5 <filename> to do this. people.apache.org has gpg and openssl:

for file in *[!.asc] ; do echo `openssl md5 $file` > $file.md5 ; done

Now for each distribution file we have a digital signature (in *.asc) and a MD5 checksum (in *.md5).

5. (!) Mind your UNIX permissions! This cannot be stressed enough. Whenever you are uploading content to people, you must be sure to double-check the permissions of the files you have created/moved/updated. They need to be 664 or 775: other committers (which are members of your unix group) need to be able to update, remove, or overwrite those files in the future, especially the staging builds, maven 2 metadata, and the website. NOTHING kills a release like finding out the permissions are incorrect.