Stage the Distribution Binaries

(warning) TODO: Fix paths

The distribution binaries should be copied from <PATH> to /www/people.apache.org/builds/portals-pluto. After copying the builds, make sure you can view them in the staging distribution site

Signing the distribution binaries

Prerequisite: If you have never signed distribution binaries before, generate and add your key to the KEYS file (instructions are at the top of the file). I have found GnuPG to be easy to use.

(warning) TODO: the location of the assemblies need to be updated to the correct location

  1. cd into the <PATH> directory. Here's what it looks like:
esm@clue$ ls
pluto-1.1.0-bin.tar.bz2  pluto-1.1.0-bin.zip.sig     pluto-1.1.0-container-bin.tar.bz2
pluto-1.1.0-bin.tar.gz   pluto-1.1.0-bundle.tar.bz2  pluto-1.1.0-container-bin.tar.gz
pluto-1.1.0-bin.zip      pluto-1.1.0-bundle.tar.gz   pluto-1.1.0-container-bin.zip
pluto-1.1.0-bin.zip.asc  pluto-1.1.0-bundle.zip      pluto-1.1.0-src.zip

2. Sign the files using gpg. I use this simple one liner:

$ for file in * ; do gpg -a -b $file ; done

3. If you do this correctly you should have a *.asc file for each distribution file. The *.asc file contains the digital signature.

esm@clue$ ls
pluto-1.1.0-bin.tar.bz2      pluto-1.1.0-bundle.tar.bz2.asc         pluto-1.1.0-container-bin.tar.gz
pluto-1.1.0-bin.tar.bz2.asc  pluto-1.1.0-bundle.tar.gz              pluto-1.1.0-container-bin.tar.gz.asc
pluto-1.1.0-bin.tar.gz       pluto-1.1.0-bundle.tar.gz.asc          pluto-1.1.0-container-bin.zip
pluto-1.1.0-bin.tar.gz.asc   pluto-1.1.0-bundle.zip                 pluto-1.1.0-container-bin.zip.asc
pluto-1.1.0-bin.zip          pluto-1.1.0-bundle.zip.asc             pluto-1.1.0-src.zip
pluto-1.1.0-bin.zip.asc      pluto-1.1.0-container-bin.tar.bz2      pluto-1.1.0-src.zip.asc
pluto-1.1.0-bundle.tar.bz2   pluto-1.1.0-container-bin.tar.bz2.asc

4. We seem to also be adding md5 sums as well as digital signatures. You can use md5sum <filename> or openssl md5 <filename> to do this. people.apache.org has gpg and openssl:

for file in *[!.asc] ; do echo `openssl md5 $file` > $file.md5 ; done

Now for each distribution file we have a digital signature (in *.asc) and a MD5 checksum (in *.md5).

  • No labels