...
| No Format |
|---|
wget <SOME URL>/hama-0.x.0-incubating.tar.gz.asc
|
2. Import the committers keys
| No Format |
|---|
wget http://incubatorhama.apache.org/hamafiles/KEYS gpg --import http://incubator.apache.org/hama/KEYS |
Note that the last argument after import is a file, not a url.
...
| No Format |
|---|
gpg --verify hama-0.x.0-incubating.tar.gz.asc
|
If everything is correctly verified, you have to post the result on the vote thread while casting your vote.
You can use a convenient shell script to check the signatures, it takes the release managers apache index file URL as argument (e.g. http://people.apache.org/~edwardyoon/dist/0.6-RC3/).
| No Format |
|---|
#!/bin/bash function check_return { RETVAL=$? [ $RETVAL -ne 0 ] && exit 1 } function check_md5 { real=`openssl md5 $1 | cut -d ' ' -f2` expected=`cat $1.md5 | cut -d ' ' -f1` if [ "$real" != "$expected" ] then echo "md5 sums mismatch" && exit 1 else echo "md5 checksums OK" fi } function check_sha1 { real=`openssl sha1 $1 | cut -d ' ' -f2` expected=`cat $1.sha1 | cut -d ' ' -f1` if [ "$real" != "$expected" ] then echo "sha1 sums mismatch" && exit 1 else echo "sha1 checksums OK" fi } function import_keys { wget -q http://hama.apache.org/files/KEYS gpg --import KEYS rm KEYS } import_keys wget --convert-links -q -L -O out.html $1 cat out.html | grep -o -E 'href="([^"#]+).([gz|asc|md5|sha1|zip])"' | cut -d'"' -f2 | sort | uniq > links mkdir release while read lnk; do echo "Downloading $lnk" # wget --directory-prefix=release $lnk done < links for filename in `find release/ -iregex ".*\(gz\|zip\)" -printf "%f\n"` do echo "checking release/$filename" gpg --verify release/$filename.asc check_return check_md5 release/$filename check_sha1 release/$filename done; rm out.html rm links |