One more general comment that I did not know what to do with. Steps 6
and 7 (checksums and sigs) and 11 (upload) involve quite a bit of manual
typing that is time consuming and can lead to errors. For 6 and 7, I
used the script below (please do not make fun of my limited bash skills
;-). I have another one that does verification separately (presumably
from a different user ID). It would be nice to also have a script to
create the symlinks in 11 automatically. Does anyone have this? Should
these scripts a) go in committers/tools b) be housed somewhere in j-c
c) be summarized / embedded / linked in the instructions or d) none of
the above?
#!/bin/sh
#---------------------------------------------------------------
# Creates detached ascii signatures and md5 hashes for each
# of the files in the current directory.
#
# Also verifies the signatures.
#
# For each file in the current directory, two new files
# are created:
#
# <name>.asc -- ascii-armored detached PGP digital signature
# <name>.md5 -- md5 hash (checksum)
#
# where <name> is the name of the file, not including file
# path.
#
# For example, foo-1.0-src.tar.gz in the current
# directory will result in foo-1.0-src.tar.gz.asc and
# foo-1.0-src.tar.gz.md5 added to the current directory.
#
# Deletes any .asc or .md5 files in the current directory
# before processing and does NOT recurse subdirectories.
#
# usage:
# signAndHash
#
# requires:
# gpg
# openssl
#---------------------------------------------------------------
`rm *.asc`
`rm *.md5`
for file in *; do
if [ -f "$file" ]; then
openssl md5 < $file > ${file}.md5
gpg --armor --output ${file}.asc --detach-sig $file
gpg --verify ${file}.asc $file
fi
done
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
