On 8/1/11 11:23 PM, Henri Yandell wrote: > svn list https://svn.apache.org/repos/private/committers/tools/releases > > compare_dirs.pl grab_releases.sh > sign_and_hash.sh verify_archive_equivalence.sh > gpg-sign-all multisign.sh symlinks.sh > verify_sigs.sh > > Various scripts. I suspect some do the same thing :)
Yep. I used verify_sigs to verify the hashes and sigs on this one and grab_releases to download it :) Phil > > Hen > > On Mon, Aug 1, 2011 at 10:45 PM, Simone Tripodi > <simonetrip...@apache.org> wrote: >> +1 >> >> I additionally used a shell script (kindly provided on Christian >> Grobmeier blog[1]) to check signatures and output is OK >> Well done!!! >> Have a nice day, all the best, >> Simo >> >> [1] >> http://www.grobmeier.de/checking-md5-and-signatures-with-a-shell-script-29062011.html >> >> $ ./verify.sh >> Checking file: ./commons-daemon-1.0.7.jar >> Using md5 file: ./commons-daemon-1.0.7.jar.md5 >> c3460b191a233c8ed4f7bd041a3b3cdf >> c3460b191a233c8ed4f7bd041a3b3cdf >> md5 checksums OK >> Checking file: ./commons-daemon-1.0.7.jar >> Using sha1 file: ./commons-daemon-1.0.7.jar.sha1 >> 6177d189e62ac37bf136b6a35fd3ff4a5e8a183a >> 6177d189e62ac37bf136b6a35fd3ff4a5e8a183a >> sha1 checksums OK >> GPG verification output >> gpg: Signature made Tue Aug 2 06:51:18 2011 CEST using DSA key ID 564C17A3 >> gpg: Good signature from "Mladen Turk (*** DEFAULT SIGNING KEY ***) >> <mt...@apache.org>" >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the owner. >> Primary key fingerprint: 61B8 32AC 2F1C 5A90 F0F9 B00A 1C50 6407 564C 17A3 >> ~~~~~~~~~~~~~~~~~~~~~~~ >> Checking file: ./commons-daemon-1.0.7-bin.tar.gz >> Using md5 file: ./commons-daemon-1.0.7-bin.tar.gz.md5 >> b31ff577b101420d780271a7b055eab5 >> b31ff577b101420d780271a7b055eab5 >> md5 checksums OK >> Checking file: ./commons-daemon-1.0.7-bin.tar.gz >> Using sha1 file: ./commons-daemon-1.0.7-bin.tar.gz.sha1 >> ce5a26078e77ea38f53169f3938872c3d76e0a6e >> ce5a26078e77ea38f53169f3938872c3d76e0a6e >> sha1 checksums OK >> GPG verification output >> gpg: Signature made Tue Aug 2 06:51:32 2011 CEST using DSA key ID 564C17A3 >> gpg: Good signature from "Mladen Turk (*** DEFAULT SIGNING KEY ***) >> <mt...@apache.org>" >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the owner. >> Primary key fingerprint: 61B8 32AC 2F1C 5A90 F0F9 B00A 1C50 6407 564C 17A3 >> ~~~~~~~~~~~~~~~~~~~~~~~ >> Checking file: ./commons-daemon-1.0.7-bin.zip >> Using md5 file: ./commons-daemon-1.0.7-bin.zip.md5 >> 8b978ce01ffac6eab97250df4cb528da >> 8b978ce01ffac6eab97250df4cb528da >> md5 checksums OK >> Checking file: ./commons-daemon-1.0.7-bin.zip >> Using sha1 file: ./commons-daemon-1.0.7-bin.zip.sha1 >> 060bc3ce907522f58baf8a841865c41c8a3c0e25 >> 060bc3ce907522f58baf8a841865c41c8a3c0e25 >> sha1 checksums OK >> GPG verification output >> gpg: Signature made Tue Aug 2 06:51:03 2011 CEST using DSA key ID 564C17A3 >> gpg: Good signature from "Mladen Turk (*** DEFAULT SIGNING KEY ***) >> <mt...@apache.org>" >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the owner. >> Primary key fingerprint: 61B8 32AC 2F1C 5A90 F0F9 B00A 1C50 6407 564C 17A3 >> >> http://people.apache.org/~simonetripodi/ >> http://www.99soft.org/ >> >> >> >> On Tue, Aug 2, 2011 at 7:28 AM, Phil Steitz <phil.ste...@gmail.com> wrote: >>> +1 >>> >>> Phil >>> >>> On 8/1/11 10:06 PM, Mladen Turk wrote: >>>> The proposed Apache Commons Daemon 1.0.7 release is now available >>>> for voting. >>>> >>>> It can be obtained from: >>>> http://people.apache.org/~mturk/daemon-1.0.7/ >>>> The svn tag is: >>>> https://svn.apache.org/repos/asf/commons/proper/daemon/tags/COMMONS_DAEMON_1_0_7_RC1/ >>>> >>>> >>>> The vote will last for 72 hours or less if enough votes are >>>> collected. >>>> As usual, if voted, the tag will be renamed to COMMONS_DAEMON_1_0_7. >>>> >>>> >>>> The proposed 1.0.7 release is: >>>> [ ] Stable - go ahead and release as 1.0.7 Stable >>>> [ ] Broken - do not release >>>> >>>> >>>> Regards >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >>> For additional commands, e-mail: dev-h...@commons.apache.org >>> >>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> For additional commands, e-mail: dev-h...@commons.apache.org >> >> > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
