On Tue, Aug 2, 2011 at 8:29 AM, Phil Steitz <phil.ste...@gmail.com> wrote: > On 8/1/11 11:23 PM, Henri Yandell wrote: >> svn list https://svn.apache.org/repos/private/committers/tools/releases >> >> compare_dirs.pl grab_releases.sh >> sign_and_hash.sh verify_archive_equivalence.sh >> gpg-sign-all multisign.sh symlinks.sh >> verify_sigs.sh >> >> Various scripts. I suspect some do the same thing :) > > Yep. I used verify_sigs to verify the hashes and sigs on this one > and grab_releases to download it :)
You can work for years at the ASF and still find jewels like that in some dark corners ;-) Actually grab_releases is a missing feature in my script Cheers! > > Phil >> >> Hen >> >> On Mon, Aug 1, 2011 at 10:45 PM, Simone Tripodi >> <simonetrip...@apache.org> wrote: >>> +1 >>> >>> I additionally used a shell script (kindly provided on Christian >>> Grobmeier blog[1]) to check signatures and output is OK >>> Well done!!! >>> Have a nice day, all the best, >>> Simo >>> >>> [1] >>> http://www.grobmeier.de/checking-md5-and-signatures-with-a-shell-script-29062011.html >>> >>> $ ./verify.sh >>> Checking file: ./commons-daemon-1.0.7.jar >>> Using md5 file: ./commons-daemon-1.0.7.jar.md5 >>> c3460b191a233c8ed4f7bd041a3b3cdf >>> c3460b191a233c8ed4f7bd041a3b3cdf >>> md5 checksums OK >>> Checking file: ./commons-daemon-1.0.7.jar >>> Using sha1 file: ./commons-daemon-1.0.7.jar.sha1 >>> 6177d189e62ac37bf136b6a35fd3ff4a5e8a183a >>> 6177d189e62ac37bf136b6a35fd3ff4a5e8a183a >>> sha1 checksums OK >>> GPG verification output >>> gpg: Signature made Tue Aug 2 06:51:18 2011 CEST using DSA key ID 564C17A3 >>> gpg: Good signature from "Mladen Turk (*** DEFAULT SIGNING KEY ***) >>> <mt...@apache.org>" >>> gpg: WARNING: This key is not certified with a trusted signature! >>> gpg: There is no indication that the signature belongs to the >>> owner. >>> Primary key fingerprint: 61B8 32AC 2F1C 5A90 F0F9 B00A 1C50 6407 564C 17A3 >>> ~~~~~~~~~~~~~~~~~~~~~~~ >>> Checking file: ./commons-daemon-1.0.7-bin.tar.gz >>> Using md5 file: ./commons-daemon-1.0.7-bin.tar.gz.md5 >>> b31ff577b101420d780271a7b055eab5 >>> b31ff577b101420d780271a7b055eab5 >>> md5 checksums OK >>> Checking file: ./commons-daemon-1.0.7-bin.tar.gz >>> Using sha1 file: ./commons-daemon-1.0.7-bin.tar.gz.sha1 >>> ce5a26078e77ea38f53169f3938872c3d76e0a6e >>> ce5a26078e77ea38f53169f3938872c3d76e0a6e >>> sha1 checksums OK >>> GPG verification output >>> gpg: Signature made Tue Aug 2 06:51:32 2011 CEST using DSA key ID 564C17A3 >>> gpg: Good signature from "Mladen Turk (*** DEFAULT SIGNING KEY ***) >>> <mt...@apache.org>" >>> gpg: WARNING: This key is not certified with a trusted signature! >>> gpg: There is no indication that the signature belongs to the >>> owner. >>> Primary key fingerprint: 61B8 32AC 2F1C 5A90 F0F9 B00A 1C50 6407 564C 17A3 >>> ~~~~~~~~~~~~~~~~~~~~~~~ >>> Checking file: ./commons-daemon-1.0.7-bin.zip >>> Using md5 file: ./commons-daemon-1.0.7-bin.zip.md5 >>> 8b978ce01ffac6eab97250df4cb528da >>> 8b978ce01ffac6eab97250df4cb528da >>> md5 checksums OK >>> Checking file: ./commons-daemon-1.0.7-bin.zip >>> Using sha1 file: ./commons-daemon-1.0.7-bin.zip.sha1 >>> 060bc3ce907522f58baf8a841865c41c8a3c0e25 >>> 060bc3ce907522f58baf8a841865c41c8a3c0e25 >>> sha1 checksums OK >>> GPG verification output >>> gpg: Signature made Tue Aug 2 06:51:03 2011 CEST using DSA key ID 564C17A3 >>> gpg: Good signature from "Mladen Turk (*** DEFAULT SIGNING KEY ***) >>> <mt...@apache.org>" >>> gpg: WARNING: This key is not certified with a trusted signature! >>> gpg: There is no indication that the signature belongs to the >>> owner. >>> Primary key fingerprint: 61B8 32AC 2F1C 5A90 F0F9 B00A 1C50 6407 564C 17A3 >>> >>> http://people.apache.org/~simonetripodi/ >>> http://www.99soft.org/ >>> >>> >>> >>> On Tue, Aug 2, 2011 at 7:28 AM, Phil Steitz <phil.ste...@gmail.com> wrote: >>>> +1 >>>> >>>> Phil >>>> >>>> On 8/1/11 10:06 PM, Mladen Turk wrote: >>>>> The proposed Apache Commons Daemon 1.0.7 release is now available >>>>> for voting. >>>>> >>>>> It can be obtained from: >>>>> http://people.apache.org/~mturk/daemon-1.0.7/ >>>>> The svn tag is: >>>>> https://svn.apache.org/repos/asf/commons/proper/daemon/tags/COMMONS_DAEMON_1_0_7_RC1/ >>>>> >>>>> >>>>> The vote will last for 72 hours or less if enough votes are >>>>> collected. >>>>> As usual, if voted, the tag will be renamed to COMMONS_DAEMON_1_0_7. >>>>> >>>>> >>>>> The proposed 1.0.7 release is: >>>>> [ ] Stable - go ahead and release as 1.0.7 Stable >>>>> [ ] Broken - do not release >>>>> >>>>> >>>>> Regards >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >>>> For additional commands, e-mail: dev-h...@commons.apache.org >>>> >>>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >>> For additional commands, e-mail: dev-h...@commons.apache.org >>> >>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> For additional commands, e-mail: dev-h...@commons.apache.org >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > -- http://www.grobmeier.de --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
