Hey Guys - Here is a scriptified version of the release process instructions for verifying the signatures of the release candidate.
gpg --verify knox-$1-src.zip.asc knox-$1-src.zip gpg --verify knox-$1.zip.asc knox-$1.zip gpg --verify knox-$1.tar.gz.asc knox-$1.tar.gz cat knox-$1-src.zip.sha && openssl sha1 knox-$1-src.zip cat knox-$1.zip.sha && openssl sha1 knox-$1.zip cat knox-$1.tar.gz.sha && openssl sha1 knox-$1.tar.gz cat knox-$1-src.zip.md5 && openssl md5 knox-$1-src.zip cat knox-$1.zip.md5 && openssl md5 knox-$1.zip cat knox-$1.tar.gz.md5 && openssl md5 knox-$1.tar.gz Example: bash-3.2$ ~/bin/verifyrc 0.8.0 gpg: Signature made Fri Jan 29 19:40:55 2016 EST using RSA key ID 587C089B gpg: Good signature from "Larry McCay (CODE SIGNING KEY) <[email protected] >" gpg: Signature made Fri Jan 29 19:40:54 2016 EST using RSA key ID 587C089B gpg: Good signature from "Larry McCay (CODE SIGNING KEY) <[email protected] >" gpg: Signature made Fri Jan 29 19:40:55 2016 EST using RSA key ID 587C089B gpg: Good signature from "Larry McCay (CODE SIGNING KEY) <[email protected] >" c62ab779c3f13f54035d6d069871581e0525680a SHA1(knox-0.8.0-src.zip)= c62ab779c3f13f54035d6d069871581e0525680a de5ef273d1f3e48872b73fdb97fb38eba500e416 SHA1(knox-0.8.0.zip)= de5ef273d1f3e48872b73fdb97fb38eba500e416 f9d6463fc2e61b6375cc9ef73f2e579fdd0c6dc1 SHA1(knox-0.8.0.tar.gz)= f9d6463fc2e61b6375cc9ef73f2e579fdd0c6dc1 1a8f68a6c0ef883369efe6439489c150 MD5(knox-0.8.0-src.zip)= 1a8f68a6c0ef883369efe6439489c150 71487f29e1474620c43320676518e651 MD5(knox-0.8.0.zip)= 71487f29e1474620c43320676518e651 96d763c2c8a4dc17cfc525eb6be9688e MD5(knox-0.8.0.tar.gz)= 96d763c2c8a4dc17cfc525eb6be9688e Should say some copy and paste and replacing of placeholders. Enjoy. --lar
