This is an automated email from the ASF dual-hosted git repository. github-bot pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/incubator-tubemq-website.git
The following commit(s) were added to refs/heads/asf-site by this push: new 7614332 Automated deployment: Mon Jul 27 04:34:15 UTC 2020 b3247951f4186006bdd541b0af13e711cf09b69b 7614332 is described below commit 7614332a4f68f2c8085d860b162562f955100a97 Author: guangxuCheng <guangxuch...@users.noreply.github.com> AuthorDate: Mon Jul 27 04:34:16 2020 +0000 Automated deployment: Mon Jul 27 04:34:15 UTC 2020 b3247951f4186006bdd541b0af13e711cf09b69b --- docs/en-us/development/how-to-release.md | 2 +- docs/en-us/development/how-to-verify.md | 60 +++++++++++++++++++++++++-- docs/zh-cn/development/how-to-release.md | 2 +- docs/zh-cn/development/how-to-verify.md | 60 +++++++++++++++++++++++++-- en-us/docs/development/how-to-release.html | 2 +- en-us/docs/development/how-to-release.json | 2 +- en-us/docs/development/how-to-release.md | 2 +- en-us/docs/development/how-to-verify.html | 65 ++++++++++++++++++++++++++++-- en-us/docs/development/how-to-verify.json | 2 +- en-us/docs/development/how-to-verify.md | 60 +++++++++++++++++++++++++-- zh-cn/docs/development/how-to-release.html | 2 +- zh-cn/docs/development/how-to-release.json | 2 +- zh-cn/docs/development/how-to-release.md | 2 +- zh-cn/docs/development/how-to-verify.html | 65 ++++++++++++++++++++++++++++-- zh-cn/docs/development/how-to-verify.json | 2 +- zh-cn/docs/development/how-to-verify.md | 60 +++++++++++++++++++++++++-- 16 files changed, 362 insertions(+), 28 deletions(-) diff --git a/docs/en-us/development/how-to-release.md b/docs/en-us/development/how-to-release.md index 8cda0a8..c51fc13 100644 --- a/docs/en-us/development/how-to-release.md +++ b/docs/en-us/development/how-to-release.md @@ -408,7 +408,7 @@ Hello Incubator Community, • https://github.com/apache/incubator-tubemq/tree/${release_version}-${rc_version} Release notes: - • https://github.com/apache/incubator-tubemq/releases/tag/${release_version} + • https://github.com/apache/incubator-tubemq/releases/tag/${release_version}-${rc_version} The artifacts signed with PGP key [填写你个人的KEY], corresponding to [填写你个人的邮箱], that can be found in keys file: • https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS diff --git a/docs/en-us/development/how-to-verify.md b/docs/en-us/development/how-to-verify.md index ed8d905..e8dae4d 100644 --- a/docs/en-us/development/how-to-verify.md +++ b/docs/en-us/development/how-to-verify.md @@ -26,9 +26,63 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version ### 2.2 检查gpg签名 - 导入公钥 ```shell - curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS + curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS gpg --import KEYS # 导入KEYS到本地 ``` + - 信任公钥 + > 信任此次版本所使用的KEY + ```shell + gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY + gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc. + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + Secret key is available. + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + gpg> trust #信任 + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + Please decide how far you trust this user to correctly verify other users' keys + (by looking at passports, checking fingerprints from different sources, etc.) + + 1 = I don't know or won't say + 2 = I do NOT trust + 3 = I trust marginally + 4 = I trust fully + 5 = I trust ultimately + m = back to the main menu + + Your decision? 5 #选择5 + Do you really want to set this key to ultimate trust? (y/N) y #选择y + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + gpg> + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + ``` - 使用如下命令检查签名 ```shell for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done @@ -39,7 +93,7 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz ``` - 检查结果 -出现类似以下内容则说明签名正确,关键字:`Good signature` + > 出现类似以下内容则说明签名正确,关键字:**`Good signature`** ```shell apache-tubemq-0.3.0-incubating-src.tar.gz gpg: Signature made Sat May 30 11:45:01 2020 CST @@ -79,4 +133,4 @@ for i in *.tar.gz.sha512; do echo $i; sha512sum -c $i; done - 能否正常部署成功 - 部署测试环境、验证生产消费能否正常运行 - 验证你认为可能会出问题的地方 - - .... + - .... \ No newline at end of file diff --git a/docs/zh-cn/development/how-to-release.md b/docs/zh-cn/development/how-to-release.md index cf23436..4d0434c 100644 --- a/docs/zh-cn/development/how-to-release.md +++ b/docs/zh-cn/development/how-to-release.md @@ -405,7 +405,7 @@ Hello Incubator Community, • https://github.com/apache/incubator-tubemq/tree/${release_version}-${rc_version} Release notes: - • https://github.com/apache/incubator-tubemq/releases/tag/${release_version} + • https://github.com/apache/incubator-tubemq/releases/tag/${release_version}-${rc_version} The artifacts signed with PGP key [填写你个人的KEY], corresponding to [填写你个人的邮箱], that can be found in keys file: • https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS diff --git a/docs/zh-cn/development/how-to-verify.md b/docs/zh-cn/development/how-to-verify.md index 6294e70..bb26b29 100644 --- a/docs/zh-cn/development/how-to-verify.md +++ b/docs/zh-cn/development/how-to-verify.md @@ -24,9 +24,63 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version ### 2.2 检查gpg签名 - 导入公钥 ```shell - curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS + curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS gpg --import KEYS # 导入KEYS到本地 ``` + - 信任公钥 + > 信任此次版本所使用的KEY + ```shell + gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY + gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc. + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + Secret key is available. + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + gpg> trust #信任 + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + Please decide how far you trust this user to correctly verify other users' keys + (by looking at passports, checking fingerprints from different sources, etc.) + + 1 = I don't know or won't say + 2 = I do NOT trust + 3 = I trust marginally + 4 = I trust fully + 5 = I trust ultimately + m = back to the main menu + + Your decision? 5 #选择5 + Do you really want to set this key to ultimate trust? (y/N) y #选择y + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + gpg> + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + ``` - 使用如下命令检查签名 ```shell for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done @@ -37,7 +91,7 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz ``` - 检查结果 -出现类似以下内容则说明签名正确,关键字:`Good signature` + > 出现类似以下内容则说明签名正确,关键字:**`Good signature`** ```shell apache-tubemq-0.3.0-incubating-src.tar.gz gpg: Signature made Sat May 30 11:45:01 2020 CST @@ -77,4 +131,4 @@ for i in *.tar.gz.sha512; do echo $i; sha512sum -c $i; done - 能否正常部署成功 - 部署测试环境、验证生产消费能否正常运行 - 验证你认为可能会出问题的地方 - - .... + - .... \ No newline at end of file diff --git a/en-us/docs/development/how-to-release.html b/en-us/docs/development/how-to-release.html index 311c76c..3933819 100644 --- a/en-us/docs/development/how-to-release.html +++ b/en-us/docs/development/how-to-release.html @@ -376,7 +376,7 @@ Hello Incubator Community, • https://github.com/apache/incubator-tubemq/tree/${release_version}-${rc_version} Release notes: - • https://github.com/apache/incubator-tubemq/releases/tag/${release_version} + • https://github.com/apache/incubator-tubemq/releases/tag/${release_version}-${rc_version} The artifacts signed with PGP key [填写你个人的KEY], corresponding to [填写你个人的邮箱], that can be found in keys file: • https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS diff --git a/en-us/docs/development/how-to-release.json b/en-us/docs/development/how-to-release.json index c1f3241..621799b 100644 --- a/en-us/docs/development/how-to-release.json +++ b/en-us/docs/development/how-to-release.json @@ -1,6 +1,6 @@ { "filename": "how-to-release.md", - "__html": "<h1>如何发布版本</h1>\n<p><font color=\"#dd0000\" size=\"4\">TODO: This page needs to be translated into English. If you are interested, just do it.</font></p>\n<blockquote>\n<p>本文主要介绍了Release Manager如何按照Apache的流程发布版本,</p>\n</blockquote>\n<h2>0. 前言</h2>\n<p>Source Release是Apache关注的重点,也是发布的必须内容;\nBinary Release是可选项,TubeMQ可以选择是否发布二进制包到Apache仓库或者发布到Maven中央仓库。</p>\n<p>请参考以下链接,找到更多关于ASF的发布指南:</p>\n<p><a href=\"https://incubator.apache.org/guides/releasemanagement.html\">Apache Release [...] + "__html": "<h1>如何发布版本</h1>\n<p><font color=\"#dd0000\" size=\"4\">TODO: This page needs to be translated into English. If you are interested, just do it.</font></p>\n<blockquote>\n<p>本文主要介绍了Release Manager如何按照Apache的流程发布版本,</p>\n</blockquote>\n<h2>0. 前言</h2>\n<p>Source Release是Apache关注的重点,也是发布的必须内容;\nBinary Release是可选项,TubeMQ可以选择是否发布二进制包到Apache仓库或者发布到Maven中央仓库。</p>\n<p>请参考以下链接,找到更多关于ASF的发布指南:</p>\n<p><a href=\"https://incubator.apache.org/guides/releasemanagement.html\">Apache Release [...] "link": "/en-us/docs/development/how-to-release.html", "meta": { "title": "How to Release - Apache TubeMQ" diff --git a/en-us/docs/development/how-to-release.md b/en-us/docs/development/how-to-release.md index 8cda0a8..c51fc13 100644 --- a/en-us/docs/development/how-to-release.md +++ b/en-us/docs/development/how-to-release.md @@ -408,7 +408,7 @@ Hello Incubator Community, • https://github.com/apache/incubator-tubemq/tree/${release_version}-${rc_version} Release notes: - • https://github.com/apache/incubator-tubemq/releases/tag/${release_version} + • https://github.com/apache/incubator-tubemq/releases/tag/${release_version}-${rc_version} The artifacts signed with PGP key [填写你个人的KEY], corresponding to [填写你个人的邮箱], that can be found in keys file: • https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS diff --git a/en-us/docs/development/how-to-verify.html b/en-us/docs/development/how-to-verify.html index 51f59d6..2eaf4ad 100644 --- a/en-us/docs/development/how-to-verify.html +++ b/en-us/docs/development/how-to-verify.html @@ -36,10 +36,67 @@ <ul> <li>导入公钥</li> </ul> -<pre><code class="language-shell">curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS +<pre><code class="language-shell">curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS gpg --import KEYS # 导入KEYS到本地 </code></pre> <ul> +<li>信任公钥</li> +</ul> +<blockquote> +<p>信任此次版本所使用的KEY</p> +</blockquote> +<pre><code class="language-shell"> gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY + gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc. + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + Secret key is available. + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + +<span class="hljs-meta"> gpg></span><span class="bash"> trust <span class="hljs-comment">#信任</span></span> + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + Please decide how far you trust this user to correctly verify other users' keys + (by looking at passports, checking fingerprints from different sources, etc.) + + 1 = I don't know or won't say + 2 = I do NOT trust + 3 = I trust marginally + 4 = I trust fully + 5 = I trust ultimately + m = back to the main menu + + Your decision? 5 #选择5 + Do you really want to set this key to ultimate trust? (y/N) y #选择y + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + +<span class="hljs-meta"> gpg></span><span class="bash"> </span> + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> +</code></pre> +<ul> <li>使用如下命令检查签名</li> </ul> <pre><code class="language-shell">for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done @@ -50,9 +107,11 @@ gpg --verify apache-tubemq-server-${release_version}-bin.tar.gz.asc apache-tubem gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz </code></pre> <ul> -<li>检查结果 -出现类似以下内容则说明签名正确,关键字:<code>Good signature</code></li> +<li>检查结果</li> </ul> +<blockquote> +<p>出现类似以下内容则说明签名正确,关键字:<strong><code>Good signature</code></strong></p> +</blockquote> <pre><code class="language-shell">apache-tubemq-0.3.0-incubating-src.tar.gz gpg: Signature made Sat May 30 11:45:01 2020 CST gpg: using RSA key 9B12C2228BDFF4F4CFE849445EF3A66D57EC647A diff --git a/en-us/docs/development/how-to-verify.json b/en-us/docs/development/how-to-verify.json index 587a0d8..58274ca 100644 --- a/en-us/docs/development/how-to-verify.json +++ b/en-us/docs/development/how-to-verify.json @@ -1,6 +1,6 @@ { "filename": "how-to-verify.md", - "__html": "<h1>验证候选版本</h1>\n<p><font color=\"#dd0000\" size=\"4\">TODO: This page needs to be translated into English. If you are interested, just do it.</font></p>\n<p>详细的检查列表请参考: <a href=\"https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist\">check list</a></p>\n<h2>1. 下载要发布的候选版本到本地环境</h2>\n<pre><code class=\"language-shell\">svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version}-${rc_version}/\n</code></pre>\n<h2>2. 验证上传的版本是否合 [...] + "__html": "<h1>验证候选版本</h1>\n<p><font color=\"#dd0000\" size=\"4\">TODO: This page needs to be translated into English. If you are interested, just do it.</font></p>\n<p>详细的检查列表请参考: <a href=\"https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist\">check list</a></p>\n<h2>1. 下载要发布的候选版本到本地环境</h2>\n<pre><code class=\"language-shell\">svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version}-${rc_version}/\n</code></pre>\n<h2>2. 验证上传的版本是否合 [...] "link": "/en-us/docs/development/how-to-verify.html", "meta": { "title": "How to Verify - Apache TubeMQ" diff --git a/en-us/docs/development/how-to-verify.md b/en-us/docs/development/how-to-verify.md index ed8d905..e8dae4d 100644 --- a/en-us/docs/development/how-to-verify.md +++ b/en-us/docs/development/how-to-verify.md @@ -26,9 +26,63 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version ### 2.2 检查gpg签名 - 导入公钥 ```shell - curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS + curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS gpg --import KEYS # 导入KEYS到本地 ``` + - 信任公钥 + > 信任此次版本所使用的KEY + ```shell + gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY + gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc. + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + Secret key is available. + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + gpg> trust #信任 + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + Please decide how far you trust this user to correctly verify other users' keys + (by looking at passports, checking fingerprints from different sources, etc.) + + 1 = I don't know or won't say + 2 = I do NOT trust + 3 = I trust marginally + 4 = I trust fully + 5 = I trust ultimately + m = back to the main menu + + Your decision? 5 #选择5 + Do you really want to set this key to ultimate trust? (y/N) y #选择y + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + gpg> + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + ``` - 使用如下命令检查签名 ```shell for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done @@ -39,7 +93,7 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz ``` - 检查结果 -出现类似以下内容则说明签名正确,关键字:`Good signature` + > 出现类似以下内容则说明签名正确,关键字:**`Good signature`** ```shell apache-tubemq-0.3.0-incubating-src.tar.gz gpg: Signature made Sat May 30 11:45:01 2020 CST @@ -79,4 +133,4 @@ for i in *.tar.gz.sha512; do echo $i; sha512sum -c $i; done - 能否正常部署成功 - 部署测试环境、验证生产消费能否正常运行 - 验证你认为可能会出问题的地方 - - .... + - .... \ No newline at end of file diff --git a/zh-cn/docs/development/how-to-release.html b/zh-cn/docs/development/how-to-release.html index 4ed1f20..a217ea3 100644 --- a/zh-cn/docs/development/how-to-release.html +++ b/zh-cn/docs/development/how-to-release.html @@ -374,7 +374,7 @@ Hello Incubator Community, • https://github.com/apache/incubator-tubemq/tree/${release_version}-${rc_version} Release notes: - • https://github.com/apache/incubator-tubemq/releases/tag/${release_version} + • https://github.com/apache/incubator-tubemq/releases/tag/${release_version}-${rc_version} The artifacts signed with PGP key [填写你个人的KEY], corresponding to [填写你个人的邮箱], that can be found in keys file: • https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS diff --git a/zh-cn/docs/development/how-to-release.json b/zh-cn/docs/development/how-to-release.json index 20547e0..7e6e918 100644 --- a/zh-cn/docs/development/how-to-release.json +++ b/zh-cn/docs/development/how-to-release.json @@ -1,6 +1,6 @@ { "filename": "how-to-release.md", - "__html": "<h1>如何发布版本</h1>\n<blockquote>\n<p>本文主要介绍了Release Manager如何按照Apache的流程发布版本,</p>\n</blockquote>\n<p>Source Release是Apache关注的重点,也是发布的必须内容;\nBinary Release是可选项,TubeMQ可以选择是否发布二进制包到Apache仓库或者发布到Maven中央仓库。</p>\n<p>请参考以下链接,找到更多关于ASF的发布指南:</p>\n<p><a href=\"https://incubator.apache.org/guides/releasemanagement.html\">Apache Release Guide</a></p>\n<p><a href=\"https://incubator.apache.org/\">Apache incubator 官网</a></p>\n<h2>1. 添加GPG KEY</h2>\n<blockquote>\n<p>本章节主要参考:<a href=\"https:/ [...] + "__html": "<h1>如何发布版本</h1>\n<blockquote>\n<p>本文主要介绍了Release Manager如何按照Apache的流程发布版本,</p>\n</blockquote>\n<p>Source Release是Apache关注的重点,也是发布的必须内容;\nBinary Release是可选项,TubeMQ可以选择是否发布二进制包到Apache仓库或者发布到Maven中央仓库。</p>\n<p>请参考以下链接,找到更多关于ASF的发布指南:</p>\n<p><a href=\"https://incubator.apache.org/guides/releasemanagement.html\">Apache Release Guide</a></p>\n<p><a href=\"https://incubator.apache.org/\">Apache incubator 官网</a></p>\n<h2>1. 添加GPG KEY</h2>\n<blockquote>\n<p>本章节主要参考:<a href=\"https:/ [...] "link": "/zh-cn/docs/development/how-to-release.html", "meta": { "title": "如何发布版本- Apache TubeMQ" diff --git a/zh-cn/docs/development/how-to-release.md b/zh-cn/docs/development/how-to-release.md index cf23436..4d0434c 100644 --- a/zh-cn/docs/development/how-to-release.md +++ b/zh-cn/docs/development/how-to-release.md @@ -405,7 +405,7 @@ Hello Incubator Community, • https://github.com/apache/incubator-tubemq/tree/${release_version}-${rc_version} Release notes: - • https://github.com/apache/incubator-tubemq/releases/tag/${release_version} + • https://github.com/apache/incubator-tubemq/releases/tag/${release_version}-${rc_version} The artifacts signed with PGP key [填写你个人的KEY], corresponding to [填写你个人的邮箱], that can be found in keys file: • https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS diff --git a/zh-cn/docs/development/how-to-verify.html b/zh-cn/docs/development/how-to-verify.html index 036e09e..ea477e3 100644 --- a/zh-cn/docs/development/how-to-verify.html +++ b/zh-cn/docs/development/how-to-verify.html @@ -35,10 +35,67 @@ <ul> <li>导入公钥</li> </ul> -<pre><code class="language-shell">curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS +<pre><code class="language-shell">curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS gpg --import KEYS # 导入KEYS到本地 </code></pre> <ul> +<li>信任公钥</li> +</ul> +<blockquote> +<p>信任此次版本所使用的KEY</p> +</blockquote> +<pre><code class="language-shell"> gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY + gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc. + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + Secret key is available. + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + +<span class="hljs-meta"> gpg></span><span class="bash"> trust <span class="hljs-comment">#信任</span></span> + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + Please decide how far you trust this user to correctly verify other users' keys + (by looking at passports, checking fingerprints from different sources, etc.) + + 1 = I don't know or won't say + 2 = I do NOT trust + 3 = I trust marginally + 4 = I trust fully + 5 = I trust ultimately + m = back to the main menu + + Your decision? 5 #选择5 + Do you really want to set this key to ultimate trust? (y/N) y #选择y + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + +<span class="hljs-meta"> gpg></span><span class="bash"> </span> + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> +</code></pre> +<ul> <li>使用如下命令检查签名</li> </ul> <pre><code class="language-shell">for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done @@ -49,9 +106,11 @@ gpg --verify apache-tubemq-server-${release_version}-bin.tar.gz.asc apache-tubem gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz </code></pre> <ul> -<li>检查结果 -出现类似以下内容则说明签名正确,关键字:<code>Good signature</code></li> +<li>检查结果</li> </ul> +<blockquote> +<p>出现类似以下内容则说明签名正确,关键字:<strong><code>Good signature</code></strong></p> +</blockquote> <pre><code class="language-shell">apache-tubemq-0.3.0-incubating-src.tar.gz gpg: Signature made Sat May 30 11:45:01 2020 CST gpg: using RSA key 9B12C2228BDFF4F4CFE849445EF3A66D57EC647A diff --git a/zh-cn/docs/development/how-to-verify.json b/zh-cn/docs/development/how-to-verify.json index 3ac632a..d988050 100644 --- a/zh-cn/docs/development/how-to-verify.json +++ b/zh-cn/docs/development/how-to-verify.json @@ -1,6 +1,6 @@ { "filename": "how-to-verify.md", - "__html": "<h1>验证候选版本</h1>\n<p>详细的检查列表请参考: <a href=\"https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist\">check list</a></p>\n<h2>1. 下载要发布的候选版本到本地环境</h2>\n<pre><code class=\"language-shell\">svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version}-${rc_version}/\n</code></pre>\n<h2>2. 验证上传的版本是否合规</h2>\n<blockquote>\n<p>开始验证环节,验证包含但不局限于以下内容和形式</p>\n</blockquote>\n<h3>2.1 查看发布包是否完整</h3>\n<blockquote>\n<p>上传到dist的包必须包含源码包,二进制包可选</p>\ [...] + "__html": "<h1>验证候选版本</h1>\n<p>详细的检查列表请参考: <a href=\"https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist\">check list</a></p>\n<h2>1. 下载要发布的候选版本到本地环境</h2>\n<pre><code class=\"language-shell\">svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version}-${rc_version}/\n</code></pre>\n<h2>2. 验证上传的版本是否合规</h2>\n<blockquote>\n<p>开始验证环节,验证包含但不局限于以下内容和形式</p>\n</blockquote>\n<h3>2.1 查看发布包是否完整</h3>\n<blockquote>\n<p>上传到dist的包必须包含源码包,二进制包可选</p>\ [...] "link": "/zh-cn/docs/development/how-to-verify.html", "meta": { "title": "如何验证版本- Apache TubeMQ" diff --git a/zh-cn/docs/development/how-to-verify.md b/zh-cn/docs/development/how-to-verify.md index 6294e70..bb26b29 100644 --- a/zh-cn/docs/development/how-to-verify.md +++ b/zh-cn/docs/development/how-to-verify.md @@ -24,9 +24,63 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version ### 2.2 检查gpg签名 - 导入公钥 ```shell - curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS + curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS gpg --import KEYS # 导入KEYS到本地 ``` + - 信任公钥 + > 信任此次版本所使用的KEY + ```shell + gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY + gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc. + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + Secret key is available. + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + gpg> trust #信任 + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + Please decide how far you trust this user to correctly verify other users' keys + (by looking at passports, checking fingerprints from different sources, etc.) + + 1 = I don't know or won't say + 2 = I do NOT trust + 3 = I trust marginally + 4 = I trust fully + 5 = I trust ultimately + m = back to the main menu + + Your decision? 5 #选择5 + Do you really want to set this key to ultimate trust? (y/N) y #选择y + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + + gpg> + + sec rsa4096/5EF3A66D57EC647A + created: 2020-05-19 expires: never usage: SC + trust: ultimate validity: ultimate + ssb rsa4096/17628566FEED6AF7 + created: 2020-05-19 expires: never usage: E + [ultimate] (1). Guangxu Cheng <gxch...@apache.org> + ``` - 使用如下命令检查签名 ```shell for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done @@ -37,7 +91,7 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz ``` - 检查结果 -出现类似以下内容则说明签名正确,关键字:`Good signature` + > 出现类似以下内容则说明签名正确,关键字:**`Good signature`** ```shell apache-tubemq-0.3.0-incubating-src.tar.gz gpg: Signature made Sat May 30 11:45:01 2020 CST @@ -77,4 +131,4 @@ for i in *.tar.gz.sha512; do echo $i; sha512sum -c $i; done - 能否正常部署成功 - 部署测试环境、验证生产消费能否正常运行 - 验证你认为可能会出问题的地方 - - .... + - .... \ No newline at end of file