On 28 June 2012 14:09, Felix Meschberger <[email protected]> wrote: > Thanks alot ! > > Works perfectly on my Mac box, too. > > One minor nitpick, though: I think the script should not wget and import the > keys from dist/aries/KEYS. I prefer to import them manually myself from a > different source ...
What's the safest source: http://svn.apache.org/repos/asf/aries/KEYS or dist/aries/KEYS ? Or do you mean a non-apache source? Would gpg --import --interactive and perhaps --verbose help you? > > Regards > Felix > > Am 28.06.2012 um 15:00 schrieb Jeremy Hughes: > >> On 26 June 2012 21:39, Holly Cummins <[email protected]> wrote: >>> With some liberal borrowing from the Felix script Guillaume pointed us >>> to, I've converted Jeremy's release verification instructions >>> (http://aries.apache.org/development/verifyingrelease.html) into a >>> shell script. This should make it *much* easier for PMC members to >>> validate our releases - just point and go. The script is at >>> https://svn.apache.org/repos/asf/aries/scripts/verify_staged_release.sh. >>> I've tested on mac, and I believe it will also work on cygwin and >>> linux, although I'd love to know if it doesn't. >> >> Great works for me on cygwin. Needed to use openssl to get md5sum and >> sha1sum checking as per the comments in the script. (I was using >> md5sum command line), >> >>> >>> It imports the Apache keys, downloads the staged artefacts, runs MD5 >>> and SHA1 checks, verifies the signature, builds the source, and runs >>> rat checks. A failure in any of those stages will give a FAIL message >>> in the log which can be grepped for. Doing these steps should be >>> sufficient to meet the Apache process and allow a PMC member to +1 a >>> release in clear conscience. >>> >>> For example, to verify the current test support release candidate, >>> just cut and paste: >>> >>> wget --no-check-certificate >>> https://svn.apache.org/repos/asf/aries/scripts/verify_staged_release.sh >>> chmod a+x verify_staged_release.sh >>> ./verify_staged_release.sh 256 mytempdirectory &> verifyresults.txt >>> grep FAIL verifyresults.txt >>> >>> To verify the small set of API bundles release candidate, cut and paste: >>> >>> wget --no-check-certificate >>> https://svn.apache.org/repos/asf/aries/scripts/verify_staged_release.sh >>> chmod a+x verify_staged_release.sh >>> ./verify_staged_release.sh 269 mytempdirectory &> verifyresults.txt >>> grep FAIL verifyresults.txt >>> >>> Feedback very welcome - hopefully this will make things easier for all of >>> us. >>> >>> Holly >
