Posted to commits@spark.apache.org by GitBox <gi...@apache.org> on 2021/08/19 04:02:20 UTC

[GitHub] [spark-website] Ngone51 opened a new pull request #356: Improve the guideline of Preparing gpg key

Ngone51 opened a new pull request #356:
URL: https://github.com/apache/spark-website/pull/356


   This PR proposes to improve the guideline of the `Preparing gpg key` section in the release process. This is how it looks before and after:
   
   ### Before
   
   <img width="1720" alt="WeChat9598a20a3890bb7b09ce583b2ee014b3" src="https://user-images.githubusercontent.com/16397174/130005588-5e1f6b54-b996-410c-bd81-0e1885e742a2.png">
   
   ### After
   
   <img width="1734" alt="WeChat118ad6c405e02cf0a31ef1f52c647508" src="https://user-images.githubusercontent.com/16397174/130005226-760a6901-c603-4532-b5e1-ee2f5e1e47b8.png">
   <img width="1734" alt="WeChat03c9be05f12c2a3418e3c8bf58037179" src="https://user-images.githubusercontent.com/16397174/130005256-7a616564-7484-4dc3-9bc0-ce67948e88cf.png">
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@spark.apache.org
For additional commands, e-mail: commits-help@spark.apache.org


[GitHub] [spark-website] Ngone51 commented on pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
Ngone51 commented on pull request #356:
URL: https://github.com/apache/spark-website/pull/356#issuecomment-901591270


   cc @HyukjinKwon @cloud-fan @gengliangwang 




[GitHub] [spark-website] cloud-fan commented on a change in pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
cloud-fan commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r691793389



##########
File path: release-process.md
##########
@@ -39,15 +39,82 @@ If you are a new Release Manager, you can read up on the process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
 
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+    "Robert Burrell Donkin (CODE SIGNING KEY) <rd...@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key.
+```
+
+<h4>Upload Key</h4>
 
-The last step is to update the KEYS file with your code signing key
-<a href="https://www.apache.org/dev/openpgp.html#export-public-key">https://www.apache.org/dev/openpgp.html#export-public-key</a>
+After generating the key, we should upload the public key to a <a href="https://infra.apache.org/release-signing.html#keyserver">public key server</a>.
+Upload the public key either by:
+
+(<b>Recommended</b>)
+First, export all public keys to ASCII-armored public key by
+```
+:::console
+$ gpg --export --armor 
+```
+or export the specific public key if you know the <a href="https://infra.apache.org/release-signing.html#key-id">key ID</a>, e.g.,
+```
+:::console
+$ gpg --export --armor AD741727
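
Review bot: The first export command under "Upload Key", `gpg --export --armor` with no key argument, writes out every public key in the keyring, so a release manager who pastes the result into the keyserver form submits whatever else the keyring holds along with the new key. Suggest dropping that variant and keeping only the form that names the key, as in `gpg --export --armor AD741727`, with the key taken from the generation output.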

Review comment:
       Is there a way to find the ID of the newly created CODE SIGNING KEY?






[GitHub] [spark-website] cloud-fan commented on a change in pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
cloud-fan commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r691793523



##########
File path: release-process.md
##########
@@ -39,15 +39,82 @@ If you are a new Release Manager, you can read up on the process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
 
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+    "Robert Burrell Donkin (CODE SIGNING KEY) <rd...@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key.
+```
+
+<h4>Upload Key</h4>
 
-The last step is to update the KEYS file with your code signing key
-<a href="https://www.apache.org/dev/openpgp.html#export-public-key">https://www.apache.org/dev/openpgp.html#export-public-key</a>
+After generating the key, we should upload the public key to a <a href="https://infra.apache.org/release-signing.html#keyserver">public key server</a>.
+Upload the public key either by:
+
+(<b>Recommended</b>)
+First, export all public keys to ASCII-armored public key by
+```
+:::console
+$ gpg --export --armor 
+```
+or export the specific public key if you know the <a href="https://infra.apache.org/release-signing.html#key-id">key ID</a>, e.g.,
+```
+:::console
+$ gpg --export --armor AD741727
+```
+(Please refer to <a href="https://infra.apache.org/openpgp.html#export-public-key">export-public-key</a> for details.)
+
+Second, copy-paste your ASCII-armored public key to <a href="http://keyserver.ubuntu.com:11371/#submitKey">OpenPGP Keyserver</a> and submit.
+
+or
+
+Use gpg command to upload, e.g.,
+
+```
+$ gpg --send-key B13131DE2
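
Review bot: The key ID in `gpg --send-key B13131DE2` has nine hex digits, which is neither the 8-digit short form used in `gpg --export --armor AD741727` earlier in the hunk nor a 16-digit long ID, so the command cannot be copied as a pattern. Use one consistent example key across the section, and consider adding `--keyserver` so the destination does not depend on the reader's local gpg configuration.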

Review comment:
       Can we use the same id in the previous example `AD741727`?






[GitHub] [spark-website] cloud-fan commented on pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
cloud-fan commented on pull request #356:
URL: https://github.com/apache/spark-website/pull/356#issuecomment-906189763


   merged, thanks!




[GitHub] [spark-website] gengliangwang commented on a change in pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
gengliangwang commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r691803255



##########
File path: release-process.md
##########
@@ -39,15 +39,82 @@ If you are a new Release Manager, you can read up on the process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
 
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+    "Robert Burrell Donkin (CODE SIGNING KEY) <rd...@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key.
+```
+
+<h4>Upload Key</h4>
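
Review bot: The two removed lines on moving the secret key to another machine (`gpg --export-secret-keys` and `gpg --import`) have no counterpart in the added lines shown here. If release managers still build on a separate machine, keep that guidance, for example as its own short subsection after "Generate Key".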

Review comment:
       This new section seems duplicated with https://infra.apache.org/openpgp.html






[GitHub] [spark-website] cloud-fan commented on a change in pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
cloud-fan commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r691867352



##########
File path: release-process.md
##########
@@ -39,15 +39,97 @@ If you are a new Release Manager, you can read up on the process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
 
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+    "Robert Burrell Donkin (CODE SIGNING KEY) <rd...@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key.
+```
+
+<h4>Upload Key</h4>
+
+After generating the key, we should upload the public key to a <a href="https://infra.apache.org/release-signing.html#keyserver">public key server</a>.
+Upload the public key either by:
+
+(<b>Recommended</b>)
+First, export all public keys to ASCII-armored public key by
+```
+:::console
+$ gpg --export --armor 
+```
+or export the specific public key if you know the <a href="https://infra.apache.org/release-signing.html#key-id">key ID</a>, e.g.,
+```
+:::console
+$ gpg --export --armor AD741727
+```
+
+Here's an example of how to get the key ID for your public key:
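
Review bot: Under "Upload Key", the line "Upload the public key either by:" is followed by a bare "(Recommended)" with no statement, in the lines shown, of what the other route is or why this one is preferred. Turn the routes into a list with a label each and give the reason for the recommendation in one sentence.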

Review comment:
       Can we move it to the `Generate Key` section? I think the release manager should get the key id right after he/she generates the gpg key.






[GitHub] [spark-website] cloud-fan merged pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
cloud-fan merged pull request #356:
URL: https://github.com/apache/spark-website/pull/356


   




[GitHub] [spark-website] Ngone51 commented on a change in pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
Ngone51 commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r696361680



##########
File path: release-process.md
##########
@@ -39,15 +39,79 @@ If you are a new Release Manager, you can read up on the process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
 
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+    "Robert Burrell Donkin (CODE SIGNING KEY) <rd...@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+gpg: key 04B3B5C426A27D33 marked as ultimately trusted
+gpg: revocation certificate stored as '/home/ubuntu/.gnupg/openpgp-revocs.d/08071B1E23C8A7E2CA1E891A04B3B5C426A27D33.rev'
+public and secret key created and signed.
+
+pub   rsa4096 2021-08-19 [SC]
+      08071B1E23C8A7E2CA1E891A04B3B5C426A27D33
+uid                      Jack (test) <Ja...@mail.com>
+sub   rsa4096 2021-08-19 [E]
+```
+
+Note that the last 8 digits (26A27D33) of the public key is the <a href="https://infra.apache.org/release-signing.html#key-id">key ID</a>.
+
+<h4>Upload Key</h4>
+
+After generating the public key, we should upload it to <a href="https://infra.apache.org/release-signing.html#keyserver">public key server</a>:
 
-The last step is to update the KEYS file with your code signing key
-<a href="https://www.apache.org/dev/openpgp.html#export-public-key">https://www.apache.org/dev/openpgp.html#export-public-key</a>
+```
+$ gpg --keyserver keys.openpgp.org --send-key 26A27D33
+```
+
+Please refer to <a href="https://infra.apache.org/release-signing.html#keyserver-upload">keyserver-upload</a> for details.
+
+<h4>Update KEYS file with your code signing key</h4>
+
+The code signing key is exactly the same with the ASCII-armored public key mentioned above.
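
Review bot: The sample session in "Generate Key" is stitched from two different runs: the user ID entered is "Robert Burrell Donkin (CODE SIGNING KEY)" under a `gpg (GnuPG) 2.0.12` banner dated 2009, but the result block lists `uid Jack (test)` with a key created 2021-08-19. Replace it with one uninterrupted transcript so the name typed at the prompt and the version banner match the key that is printed.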

Review comment:
       Oh, that was mentioned in the removed second key loading way. Let me move it here.






[GitHub] [spark-website] gengliangwang commented on a change in pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
gengliangwang commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r692174007



##########
File path: release-process.md
##########
@@ -39,15 +39,90 @@ If you are a new Release Manager, you can read up on the process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
 
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+    "Robert Burrell Donkin (CODE SIGNING KEY) <rd...@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+gpg: key 04B3B5C426A27D33 marked as ultimately trusted
+gpg: revocation certificate stored as '/home/ubuntu/.gnupg/openpgp-revocs.d/08071B1E23C8A7E2CA1E891A04B3B5C426A27D33.rev'
+public and secret key created and signed.
+
+pub   rsa4096 2021-08-19 [SC]
+      08071B1E23C8A7E2CA1E891A04B3B5C426A27D33
+uid                      Jack (test) <Ja...@mail.com>
+sub   rsa4096 2021-08-19 [E]
+```
+
+Note that the last 8 digits (26A27D33) of the public key is the <a href="https://infra.apache.org/release-signing.html#key-id">key ID</a>.
 
-The last step is to update the KEYS file with your code signing key
-<a href="https://www.apache.org/dev/openpgp.html#export-public-key">https://www.apache.org/dev/openpgp.html#export-public-key</a>
+<h4>Upload Key</h4>
+
+After generating the public key, we should upload it to a <a href="https://infra.apache.org/release-signing.html#keyserver">public key server</a>.
+You can upload:
+
+either use gpg command:
+
+```
+$ gpg --send-key 26A27D33 --keyserver keys.openpgp.org
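
Review bot: The note after the transcript and the `--send-key 26A27D33` command both rely on the 8-digit short key ID, which is only the last 32 bits of the fingerprint and is not unique to one key. The transcript already prints the full fingerprint, so describe the short ID as the tail of the fingerprint rather than "of the public key" and use the fingerprint in the command: `gpg --keyserver keys.openpgp.org --send-key 08071B1E23C8A7E2CA1E891A04B3B5C426A27D33`.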

Review comment:
       nit: change the order of the params so that it is easier to modify the key name
   ```
   gpg --keyserver keys.openpgp.org --send-key 26A27D33
   ```






[GitHub] [spark-website] Ngone51 commented on a change in pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
Ngone51 commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r691848276



##########
File path: release-process.md
##########
@@ -39,15 +39,82 @@ If you are a new Release Manager, you can read up on the process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
 
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+    "Robert Burrell Donkin (CODE SIGNING KEY) <rd...@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key.
+```
+
+<h4>Upload Key</h4>
 
-The last step is to update the KEYS file with your code signing key
-<a href="https://www.apache.org/dev/openpgp.html#export-public-key">https://www.apache.org/dev/openpgp.html#export-public-key</a>
+After generating the key, we should upload the public key to a <a href="https://infra.apache.org/release-signing.html#keyserver">public key server</a>.
+Upload the public key either by:
+
+(<b>Recommended</b>)
+First, export all public keys to ASCII-armored public key by
+```
+:::console
+$ gpg --export --armor 
+```
+or export the specific public key if you know the <a href="https://infra.apache.org/release-signing.html#key-id">key ID</a>, e.g.,
+```
+:::console
+$ gpg --export --armor AD741727
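
Review bot: The sample session answers "Key is valid for? (0)" with the default, so the documented key never expires, and readers tend to copy a transcript keystroke for keystroke. Either state in the text that a non-expiring key is intended for release signing, or show an explicit validity period in the example.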

Review comment:
       Added an example of how to find the key id.






[GitHub] [spark-website] gengliangwang commented on a change in pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
gengliangwang commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r696359512



##########
File path: release-process.md
##########
@@ -39,15 +39,79 @@ If you are a new Release Manager, you can read up on the process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
 
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+    "Robert Burrell Donkin (CODE SIGNING KEY) <rd...@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+gpg: key 04B3B5C426A27D33 marked as ultimately trusted
+gpg: revocation certificate stored as '/home/ubuntu/.gnupg/openpgp-revocs.d/08071B1E23C8A7E2CA1E891A04B3B5C426A27D33.rev'
+public and secret key created and signed.
+
+pub   rsa4096 2021-08-19 [SC]
+      08071B1E23C8A7E2CA1E891A04B3B5C426A27D33
+uid                      Jack (test) <Ja...@mail.com>
+sub   rsa4096 2021-08-19 [E]
+```
+
+Note that the last 8 digits (26A27D33) of the public key is the <a href="https://infra.apache.org/release-signing.html#key-id">key ID</a>.
+
+<h4>Upload Key</h4>
+
+After generating the public key, we should upload it to <a href="https://infra.apache.org/release-signing.html#keyserver">public key server</a>:
 
-The last step is to update the KEYS file with your code signing key
-<a href="https://www.apache.org/dev/openpgp.html#export-public-key">https://www.apache.org/dev/openpgp.html#export-public-key</a>
+```
+$ gpg --keyserver keys.openpgp.org --send-key 26A27D33
+```
+
+Please refer to <a href="https://infra.apache.org/release-signing.html#keyserver-upload">keyserver-upload</a> for details.
+
+<h4>Update KEYS file with your code signing key</h4>
+
+The code signing key is exactly the same with the ASCII-armored public key mentioned above.
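
Review bot: The key-generation transcript is not one consistent run: the user ID entered is "Robert Burrell Donkin (CODE SIGNING KEY)", but the key listing at the end shows `uid Jack (test)`. The banner reads `gpg (GnuPG) 2.0.12; Copyright (C) 2009` while the creation date in the listing is 2021-08-19. Please regenerate the whole block from a single session, state the gpg version actually used, and use a placeholder name and address rather than a real person's identity copied from the upstream page.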

Review comment:
       The `ASCII-armored public key` seems not to be mentioned anymore

##########
File path: release-process.md
##########
@@ -39,15 +39,79 @@ If you are a new Release Manager, you can read up on the process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
 
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+    "Robert Burrell Donkin (CODE SIGNING KEY) <rd...@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+gpg: key 04B3B5C426A27D33 marked as ultimately trusted
+gpg: revocation certificate stored as '/home/ubuntu/.gnupg/openpgp-revocs.d/08071B1E23C8A7E2CA1E891A04B3B5C426A27D33.rev'
+public and secret key created and signed.
+
+pub   rsa4096 2021-08-19 [SC]
+      08071B1E23C8A7E2CA1E891A04B3B5C426A27D33
+uid                      Jack (test) <Ja...@mail.com>
+sub   rsa4096 2021-08-19 [E]
+```
+
+Note that the last 8 digits (26A27D33) of the public key is the <a href="https://infra.apache.org/release-signing.html#key-id">key ID</a>.
+
+<h4>Upload Key</h4>
+
+After generating the public key, we should upload it to <a href="https://infra.apache.org/release-signing.html#keyserver">public key server</a>:
 
-The last step is to update the KEYS file with your code signing key
-<a href="https://www.apache.org/dev/openpgp.html#export-public-key">https://www.apache.org/dev/openpgp.html#export-public-key</a>
+```
+$ gpg --keyserver keys.openpgp.org --send-key 26A27D33
+```
+
+Please refer to <a href="https://infra.apache.org/release-signing.html#keyserver-upload">keyserver-upload</a> for details.
+
+<h4>Update KEYS file with your code signing key</h4>
+
+The code signing key is exactly the same with the ASCII-armored public key mentioned above.
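
Review bot: The note "the last 8 digits (26A27D33) of the public key is the key ID" is imprecise: `26A27D33` is the last 8 hex digits of the fingerprint `08071B1E23C8A7E2CA1E891A04B3B5C426A27D33`, and gpg itself reports the key as `04B3B5C426A27D33` a few lines earlier. Short 8-digit IDs can collide, so I would word this as "the last 8 hex digits of the fingerprint are the short key ID" and pass the full fingerprint to `--send-key`. Minor wording: "exactly the same with" should be "the same as".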

Review comment:
       The `ASCII-armored public key` seems not to be mentioned anymore






[GitHub] [spark-website] cloud-fan commented on a change in pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
cloud-fan commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r693773768



##########
File path: release-process.md
##########
@@ -39,15 +39,90 @@ If you are a new Release Manager, you can read up on the process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
 
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+    "Robert Burrell Donkin (CODE SIGNING KEY) <rd...@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+gpg: key 04B3B5C426A27D33 marked as ultimately trusted
+gpg: revocation certificate stored as '/home/ubuntu/.gnupg/openpgp-revocs.d/08071B1E23C8A7E2CA1E891A04B3B5C426A27D33.rev'
+public and secret key created and signed.
+
+pub   rsa4096 2021-08-19 [SC]
+      08071B1E23C8A7E2CA1E891A04B3B5C426A27D33
+uid                      Jack (test) <Ja...@mail.com>
+sub   rsa4096 2021-08-19 [E]
+```
+
+Note that the last 8 digits (26A27D33) of the public key is the <a href="https://infra.apache.org/release-signing.html#key-id">key ID</a>.
 
-The last step is to update the KEYS file with your code signing key
-<a href="https://www.apache.org/dev/openpgp.html#export-public-key">https://www.apache.org/dev/openpgp.html#export-public-key</a>
+<h4>Upload Key</h4>
+
+After generating the public key, we should upload it to a <a href="https://infra.apache.org/release-signing.html#keyserver">public key server</a>.
+You can upload:
+
+either use gpg command:
+
+```
+$ gpg --keyserver keys.openpgp.org --send-key 26A27D33
+```
+
+or copy-paste the ASCII-armored public key to <a href="http://keyserver.ubuntu.com:11371/#submitKey">OpenPGP Keyserver</a>.
+The ASCII-armored public key can be generated by:
+
+```
+:::console
+$ gpg --export --armor 26A27D33
+```
+
+Please refer to <a href="https://infra.apache.org/release-signing.html#keyserver-upload">keyserver-upload</a> for details.
+
+<h4>Update KEYS file with your code signing key</h4>
+
+The code signing key is exactly the same with the ASCII-armored public key mentioned above.
+You should append it to <a href="https://dist.apache.org/repos/dist/dev/spark/KEYS">KEYS</a> by:
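
Review bot: The two upload paths in the "Upload Key" section point at different servers: the gpg command sends to `keys.openpgp.org`, while the copy-paste link goes to `http://keyserver.ubuntu.com:11371/#submitKey`, which is also a plain-HTTP URL. Either name one server for both paths or say explicitly that either server is acceptable, and use an https link if the server offers one. The lead-in "You can upload: / either use gpg command:" also needs rewording, for example "You can either use the gpg command:".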

Review comment:
       ```suggestion
   You should append it to the KEYS file by:
   ```
   
   It doesn't seem necessary to add a URL for `KEYS`. People need to run the svn command below anyway.






[GitHub] [spark-website] Ngone51 commented on a change in pull request #356: Improve the guideline of Preparing gpg key

Posted by GitBox <gi...@apache.org>.
Ngone51 commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r691834308



##########
File path: release-process.md
##########
@@ -39,15 +39,82 @@ If you are a new Release Manager, you can read up on the process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
 
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+    "Robert Burrell Donkin (CODE SIGNING KEY) <rd...@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key.
+```
+
+<h4>Upload Key</h4>
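
Review bot: The transcript stops at "You need a Passphrase to protect your secret key." and never shows the resulting key listing, so a reader reaches "Upload Key" without having seen where their key ID or fingerprint comes from. Please carry the example through to the final `pub`/`uid`/`sub` output. Separately, the removed paragraph about moving the secret key to another machine with `gpg --export-secret-keys` and `gpg --import` has no replacement in the lines shown here; if releasing from a second machine is still supported, keep that guidance.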

Review comment:
       These are necessary steps that are abstracted from https://infra.apache.org/openpgp.html, which includes a massive amount of information, too much of it irrelevant.



