Author: aheritier
Date: Sun Apr 15 17:22:16 2007
New Revision: 529101
URL: http://svn.apache.org/viewvc?view=rev&rev=529101
Log:
Update documentation about releasing and how to sign artifacts
Modified:
maven/maven-1/core/trunk/xdocs/developers/making-releases.xml
Modified: maven/maven-1/core/trunk/xdocs/developers/making-releases.xml
URL:
http://svn.apache.org/viewvc/maven/maven-1/core/trunk/xdocs/developers/making-releases.xml?view=diff&rev=529101&r1=529100&r2=529101
==============================================================================
--- maven/maven-1/core/trunk/xdocs/developers/making-releases.xml (original)
+++ maven/maven-1/core/trunk/xdocs/developers/making-releases.xml Sun Apr 15
17:22:16 2007
@@ -31,6 +31,8 @@
<subsection name="Setup your maven settings">
<p>You must define the following properties in
<code>~/build.properties</code>. (Note: you may want to put these in
<code>maven-plugins/plugin-parent/build.properties</code> instead if you need
to define them differently for other projects).</p>
<ul>
+ <li><code>maven.username</code> - your apache username to deploy the
web site.</li>
+ <li><code>maven.password</code> - your apache password (if needed,
depending of the protocol used in the site plugin).</li>
<li><code>maven.repo.apache.releases.username</code> - your apache
username</li>
<li><code>maven.repo.apache.releases.privatekey</code> - the
filename of your SSH private key</li>
<li><code>maven.repo.apache.releases.passphrase</code> - the
passphrase for your private key (<b>not</b> your Apache password)</li>
@@ -38,12 +40,15 @@
<li><code>maven.announcement.mail.server</code> - The SMTP server to
use for sending the announcement mail.</li>
</ul>
</subsection>
- <subsection name="Generate a code signing key (PGP)">
+ <subsection name="Generate a code signing key (OpenPGP Compatible
Signature)">
<p>You'll find some useful information here : <a
href="http://www.apache.org/dev/release-signing.html";
target="_blank">http://www.apache.org/dev/release-signing.html</a>.</p>
<p>To sum up :</p>
<ol>
<li>
- <p>Create your PGP key : </p><source>$ gpg --gen-key</source>
+ <p>Install <a href="http://www.gnupg.org/";>GNU Privacy Guard</a>
for your your platform and add it in your PATH.</p>
+ </li>
+ <li>
+ <p>Create your key : </p><source>$ gpg --gen-key</source>
<p>Keep the default settings.</p>
<p>Enter your personal information :</p>
<source><![CDATA[
@@ -58,43 +63,10 @@
<source>$ (gpg --list-sigs "FirstName LastName" && gpg
--armor --export "FirstName LastName") > ~/MY_KEYS</source>
</li>
<li>
- <p>And append the result to the KEYS file stored in the root
directory of the m1's core in subversion.</p>
+ <p>And append the result to the KEYS file stored in
<code>https://svn.apache.org/repos/asf/maven/project</code>.</p>
</li>
<li>
- <p>To finish, create your own script using the following template
to sign your releases and don't forget to add it in your PATH :</p>
- <source><![CDATA[
-#!/bin/sh
-# Use your PGP key ID here :
-MY_KEY="FirstName LastName (CODE SIGNING KEY) <[EMAIL PROTECTED]>"
-echo -n "PGP Key Password: "
-stty -echo
-read PASSWORD
-stty echo
-echo ""
-for FILE in $(find . -not '(' -name "*.md5" -or -name "*.sha1" -or -name
"*.asc" -or -name "*-version" ')' -and -type f -and -user $USER) ; do
- signature=${FILE}.asc
- if [ ! -f ${signature} ]
- then
- echo -n "Creating: ${signature} ... "
- echo "$PASSWORD" | gpg --default-key "$MY_KEY" --detach-sign --armor
--no-tty --yes --passphrase-fd 0 "$FILE" && echo done.
- gpg --verify "$FILE.asc" "$FILE"
- fi
- signature=${FILE}.md5
- if [ ! -f ${signature} ]
- then
- echo -n "Creating: ${signature} ... "
- md5 -q "$FILE" | cut "-d " -f1 > "$FILE.md5" && echo done.
- fi
- signature=${FILE}.sha1
- if [ ! -f ${signature} ]
- then
- echo -n "Creating: ${signature} ... "
- sha1 -q "$FILE" | cut "-d " -f1 > "$FILE.sha1" && echo done.
- fi
-done
-echo "Finished!"
-]]></source>
- <p>This script will ask you your pgp key password and will
recursively sign all artefacts YOU deployed and which were not yet signed.</p>
+ <p>To automatically sign your artifacts, you need to have the
maven artifact 1.9 (at least) and if you have several keys you have to set the
property <code>"maven.artifact.gpg.keyname"</code> to select the one you want
to use.</p>
</li>
</ol>
</subsection>
@@ -107,9 +79,6 @@
</li>
<li>
<p>Produce a clean build using <code>maven
-Dmaven.repo.list=apache.releases -Dmaven.site.deploy.live=true
scm:perform-release</code>. When prompted for the tag, enter the one used in
the previous step. When prompted for the goal, enter
<code>plugin:repository-deploy,source:deploy,javadoc:deploy,site:deploy</code>
for plugins, or
<code>jar:deploy,source:deploy,javadoc:deploy,site:deploy</code> for an
individual JAR. To release a Maven distribution, see below.</p>
- </li>
- <li>
- <p>Sign your artefacts. Logon to people.apache.org and launch your
signing script in the directory
<code>/www/people.apache.org/repo/m1-ibiblio-rsync-repository/maven/</code></p>
</li>
<li>
<p>Check for the new version at <a
href="http://people.apache.org/repo/m1-ibiblio-rsync-repository/maven/plugins/";>http://people.apache.org/repo/m1-ibiblio-rsync-repository/maven/plugins/</a>
or <a
href="http://people.apache.org/repo/m1-ibiblio-rsync-repository/maven/jars/";>http://people.apache.org/repo/m1-ibiblio-rsync-repository/maven/jars/</a>.</p>
