Posted to commits@beam.apache.org by al...@apache.org on 2019/03/11 20:53:10 UTC

[beam] branch master updated: [BEAM-6726] explicitly specify signing key

This is an automated email from the ASF dual-hosted git repository.

altay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/beam.git


The following commit(s) were added to refs/heads/master by this push:
     new cd58019  [BEAM-6726] explicitly specify signing key
     new d763703  Merge pull request #8026 from adude3141/BEAM-6726
cd58019 is described below

commit cd58019a68a348c665fe0f541d1afaf06ff05f32
Author: Michael Luckey <25...@users.noreply.github.com>
AuthorDate: Sun Mar 10 23:42:12 2019 +0100

    [BEAM-6726] explicitly specify signing key
---
 release/src/main/scripts/build_release_candidate.sh | 14 +++++++++++---
 release/src/main/scripts/sign_hash_python_wheels.sh |  8 +++++++-
 release/src/main/scripts/verify_release_build.sh    |  1 -
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/release/src/main/scripts/build_release_candidate.sh b/release/src/main/scripts/build_release_candidate.sh
index c9794e9..c9e5139 100755
--- a/release/src/main/scripts/build_release_candidate.sh
+++ b/release/src/main/scripts/build_release_candidate.sh
@@ -56,12 +56,19 @@ read USER_GITHUB_ID
 
 USER_REMOTE_URL=git@github.com:${USER_GITHUB_ID}/beam-site
 
+echo "================Listing all GPG keys================="
+gpg --list-keys --keyid-format LONG --fingerprint --fingerprint
+echo "Please copy the public key which is associated with your Apache account:"
+
+read SIGNING_KEY
+
 echo "================Checking Environment Variables=============="
 echo "beam repo will be cloned into: ${LOCAL_CLONE_DIR}"
 echo "working on release version: ${RELEASE}"
 echo "working on release branch: ${RELEASE_BRANCH}"
 echo "will create release candidate: RC${RC_NUM}"
 echo "Your forked beam-site URL: ${USER_REMOTE_URL}"
+echo "Your signing key: ${SIGNING_KEY}"
 echo "Please review all environment variables and confirm: [y|N]"
 read confirmation
 if [[ $confirmation != "y" ]]; then
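Review bot: `read SIGNING_KEY` accepts whatever is typed, including an empty line, and nothing validates the value before it is echoed back for confirmation. Every later use in this commit passes it unquoted as `--local-user ${SIGNING_KEY}` (the Maven staging, source zip and Python zip hunks in this file, and the wheel loop in sign_hash_python_wheels.sh), so an empty value makes gpg take the next option as the key name, and a fingerprint pasted with the spaces gpg prints is split into several words. I would read with `read -r SIGNING_KEY`, then add `[[ -n "${SIGNING_KEY}" ]] || exit 1` and `gpg --list-secret-keys "${SIGNING_KEY}" >/dev/null || exit 1`, and quote the expansion at each call site. Listing with `--list-secret-keys` rather than `--list-keys` would also show only the keys this machine can actually sign with.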
@@ -98,7 +105,8 @@ if [[ $confirmation = "y" ]]; then
   echo "2. new rc tag has created in github."
 
   echo "-------------Staging Java Artifacts into Maven---------------"
-  ./gradlew publish -PisRelease --no-daemon
+  gpg --local-user ${SIGNING_KEY} --output /dev/null --sign ~/.bashrc
+  ./gradlew publish -Psigning.gnupg.keyName=${SIGNING_KEY} -PisRelease --no-daemon
   echo "Please review all artifacts in staging URL. e.g. https://repository.apache.org/content/repositories/orgapachebeam-NNNN/"
   rm -rf ~/${LOCAL_CLONE_DIR}
 fi
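Review bot: The exit status of the trial signature `gpg --local-user ${SIGNING_KEY} --output /dev/null --sign ~/.bashrc` is not checked, so unless the script runs under `set -e` (not visible in this hunk) a wrong key or a failed passphrase prompt still falls through to `./gradlew publish`. The line also carries no comment explaining why a throwaway signature of `~/.bashrc` is made; presumably it confirms the key is usable and lets gpg-agent cache the passphrase before Gradle signs. I would write `gpg --local-user "${SIGNING_KEY}" --output /dev/null --sign ~/.bashrc || exit 1`, preceded by `# Trial signature: stop before publishing if the chosen key cannot sign.` The surrounding `if` block starts outside the hunk.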
@@ -130,7 +138,7 @@ if [[ $confirmation = "y" ]]; then
   wget ${GIT_BEAM_ARCHIVE}/release-${RELEASE}.zip  -O "${SOURCE_RELEASE_ZIP}"
 
   echo "----Signing Source Release ${SOURCE_RELEASE_ZIP}-----"
-  gpg --armor --detach-sig "${SOURCE_RELEASE_ZIP}"
+  gpg --local-user ${SIGNING_KEY} --armor --detach-sig "${SOURCE_RELEASE_ZIP}"
 
   echo "----Creating Hash Value for ${SOURCE_RELEASE_ZIP}----"
   sha512sum ${SOURCE_RELEASE_ZIP} > ${SOURCE_RELEASE_ZIP}.sha512
@@ -171,7 +179,7 @@ if [[ $confirmation = "y" ]]; then
   cd beam/${RELEASE}/${PYTHON_ARTIFACTS_DIR}
 
   echo "------Signing Source Release apache-beam-${RELEASE}.zip------"
-  gpg --armor --detach-sig apache-beam-${RELEASE}.zip
+  gpg --local-user ${SIGNING_KEY} --armor --detach-sig apache-beam-${RELEASE}.zip
 
   echo "------Creating Hash Value for apache-beam-${RELEASE}.zip------"
   sha512sum apache-beam-${RELEASE}.zip > apache-beam-${RELEASE}.zip.sha512
diff --git a/release/src/main/scripts/sign_hash_python_wheels.sh b/release/src/main/scripts/sign_hash_python_wheels.sh
index 5168189..d521ca4 100755
--- a/release/src/main/scripts/sign_hash_python_wheels.sh
+++ b/release/src/main/scripts/sign_hash_python_wheels.sh
@@ -36,6 +36,12 @@ fi
 echo "[Input Required] Please enter the release version:"
 read VERSION
 
+echo "================Listing all GPG keys================="
+gpg --list-keys --keyid-format LONG --fingerprint --fingerprint
+echo "Please copy the public key which is associated with your Apache account:"
+
+read SIGNING_KEY
+
 cd ~
 if [[ -d ${VERSION} ]]; then
   rm -rf ${VERSION}
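Review bot: The prompt `Please copy the public key which is associated with your Apache account:` asks for a key, but the value is used as the `--local-user` argument, which takes a key ID or fingerprint. Since the listing is printed with `--keyid-format LONG --fingerprint`, asking for the full fingerprint avoids ambiguity between keys with similar IDs: `echo "Please enter the fingerprint (no spaces) of the signing key associated with your Apache account:"`. The same wording appears in build_release_candidate.sh. The duplicated list-and-read block could live in one sourced helper so that both scripts select and check the key the same way.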
@@ -47,7 +53,7 @@ echo "Start signing and hashing python wheels artifacts"
 rm *.whl.asc || true
 rm *.whl.sha512 ||true
 for artifact in *.whl; do
-  gpg --armor --detach-sig $artifact
+  gpg --local-user ${SIGNING_KEY} --armor --detach-sig $artifact
   sha512sum $artifact > ${artifact}.sha512
 done
 svn add --force *
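Review bot: A failed `gpg --local-user ${SIGNING_KEY} --armor --detach-sig $artifact` inside the loop does not stop the script unless `set -e` is in effect (not visible here), so the `.sha512` file is still written and `svn add --force *` stages wheels that have no `.asc` beside them. I would change the two loop lines to `gpg --local-user "${SIGNING_KEY}" --armor --detach-sig "$artifact" || exit 1` and `sha512sum "$artifact" > "${artifact}.sha512"`, which also protects against file names containing spaces. If no wheel is present and nullglob is off, the loop runs once with the literal `*.whl`, so a `[[ -e "$artifact" ]] || continue` guard at the top of the loop would help.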
diff --git a/release/src/main/scripts/verify_release_build.sh b/release/src/main/scripts/verify_release_build.sh
index 50b2c65..d8164cf 100755
--- a/release/src/main/scripts/verify_release_build.sh
+++ b/release/src/main/scripts/verify_release_build.sh
@@ -137,7 +137,6 @@ echo "==============================================================="
 echo "======================Starting Release Build==================="
 git clean -fdx
 ./gradlew clean
-gpg --output ~/doc.sig --sign ~/.bashrc
 # If build fails, we want to catch as much errors as possible once.
 ./gradlew build -PisRelease --scan --stacktrace --no-parallel --continue
 echo "==============================================================="