Posted to commits@beam.apache.org by al...@apache.org on 2019/03/11 20:53:10 UTC
[beam] branch master updated: [BEAM-6726] explicitly specify
signing key
This is an automated email from the ASF dual-hosted git repository.
altay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/beam.git
The following commit(s) were added to refs/heads/master by this push:
new cd58019 [BEAM-6726] explicitly specify signing key
new d763703 Merge pull request #8026 from adude3141/BEAM-6726
cd58019 is described below
commit cd58019a68a348c665fe0f541d1afaf06ff05f32
Author: Michael Luckey <25...@users.noreply.github.com>
AuthorDate: Sun Mar 10 23:42:12 2019 +0100
[BEAM-6726] explicitly specify signing key
---
release/src/main/scripts/build_release_candidate.sh | 14 +++++++++++---
release/src/main/scripts/sign_hash_python_wheels.sh | 8 +++++++-
release/src/main/scripts/verify_release_build.sh | 1 -
3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/release/src/main/scripts/build_release_candidate.sh b/release/src/main/scripts/build_release_candidate.sh
index c9794e9..c9e5139 100755
--- a/release/src/main/scripts/build_release_candidate.sh
+++ b/release/src/main/scripts/build_release_candidate.sh
@@ -56,12 +56,19 @@ read USER_GITHUB_ID
USER_REMOTE_URL=git@github.com:${USER_GITHUB_ID}/beam-site
+echo "================Listing all GPG keys================="
+gpg --list-keys --keyid-format LONG --fingerprint --fingerprint
+echo "Please copy the public key which is associated with your Apache account:"
+
+read SIGNING_KEY
+
echo "================Checking Environment Variables=============="
echo "beam repo will be cloned into: ${LOCAL_CLONE_DIR}"
echo "working on release version: ${RELEASE}"
echo "working on release branch: ${RELEASE_BRANCH}"
echo "will create release candidate: RC${RC_NUM}"
echo "Your forked beam-site URL: ${USER_REMOTE_URL}"
+echo "Your signing key: ${SIGNING_KEY}"
echo "Please review all environment variables and confirm: [y|N]"
read confirmation
if [[ $confirmation != "y" ]]; then
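Review bot: The listing added before `read SIGNING_KEY` shows the public keyring, which usually also holds other people's keys imported for verification, while the value is later passed to `gpg --local-user` and needs a matching secret key. `gpg --list-secret-keys --keyid-format LONG --fingerprint` would show only the keys this machine can sign with, and the prompt could ask for the full fingerprint rather than "the public key". The input is accepted unchecked, so an empty or mistyped value is only caught if the release manager notices it in the confirmation echo or when the first signing step fails. A guard such as `gpg --list-secret-keys "${SIGNING_KEY}" >/dev/null || exit 1` placed after `read -r SIGNING_KEY` would stop early. The same block is added to sign_hash_python_wheels.sh, where no confirmation echo is visible.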
@@ -98,7 +105,8 @@ if [[ $confirmation = "y" ]]; then
echo "2. new rc tag has created in github."
echo "-------------Staging Java Artifacts into Maven---------------"
- ./gradlew publish -PisRelease --no-daemon
+ gpg --local-user ${SIGNING_KEY} --output /dev/null --sign ~/.bashrc
+ ./gradlew publish -Psigning.gnupg.keyName=${SIGNING_KEY} -PisRelease --no-daemon
echo "Please review all artifacts in staging URL. e.g. https://repository.apache.org/content/repositories/orgapachebeam-NNNN/"
rm -rf ~/${LOCAL_CLONE_DIR}
fi
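Review bot: `${SIGNING_KEY}` is expanded unquoted in the new `gpg --local-user` and `-Psigning.gnupg.keyName=` lines, and the `--fingerprint` listing the user copies from prints fingerprints in space-separated groups, so a pasted fingerprint would be split into several arguments. Quote it at each use, e.g. `gpg --local-user "${SIGNING_KEY}" --output /dev/null --sign ~/.bashrc`. The same applies to the signing lines in the two later hunks of this file and to the loop in sign_hash_python_wheels.sh. The result of the trial signature is not checked in the visible lines, so unless the script runs under `set -e` (not shown here) a failed or cancelled signing still proceeds to `./gradlew publish`; appending `|| exit 1` to the trial `gpg` line would stop it. The enclosing `if` starts outside the hunk.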
@@ -130,7 +138,7 @@ if [[ $confirmation = "y" ]]; then
wget ${GIT_BEAM_ARCHIVE}/release-${RELEASE}.zip -O "${SOURCE_RELEASE_ZIP}"
echo "----Signing Source Release ${SOURCE_RELEASE_ZIP}-----"
- gpg --armor --detach-sig "${SOURCE_RELEASE_ZIP}"
+ gpg --local-user ${SIGNING_KEY} --armor --detach-sig "${SOURCE_RELEASE_ZIP}"
echo "----Creating Hash Value for ${SOURCE_RELEASE_ZIP}----"
sha512sum ${SOURCE_RELEASE_ZIP} > ${SOURCE_RELEASE_ZIP}.sha512
@@ -171,7 +179,7 @@ if [[ $confirmation = "y" ]]; then
cd beam/${RELEASE}/${PYTHON_ARTIFACTS_DIR}
echo "------Signing Source Release apache-beam-${RELEASE}.zip------"
- gpg --armor --detach-sig apache-beam-${RELEASE}.zip
+ gpg --local-user ${SIGNING_KEY} --armor --detach-sig apache-beam-${RELEASE}.zip
echo "------Creating Hash Value for apache-beam-${RELEASE}.zip------"
sha512sum apache-beam-${RELEASE}.zip > apache-beam-${RELEASE}.zip.sha512
diff --git a/release/src/main/scripts/sign_hash_python_wheels.sh b/release/src/main/scripts/sign_hash_python_wheels.sh
index 5168189..d521ca4 100755
--- a/release/src/main/scripts/sign_hash_python_wheels.sh
+++ b/release/src/main/scripts/sign_hash_python_wheels.sh
@@ -36,6 +36,12 @@ fi
echo "[Input Required] Please enter the release version:"
read VERSION
+echo "================Listing all GPG keys================="
+gpg --list-keys --keyid-format LONG --fingerprint --fingerprint
+echo "Please copy the public key which is associated with your Apache account:"
+
+read SIGNING_KEY
+
cd ~
if [[ -d ${VERSION} ]]; then
rm -rf ${VERSION}
@@ -47,7 +53,7 @@ echo "Start signing and hashing python wheels artifacts"
rm *.whl.asc || true
rm *.whl.sha512 ||true
for artifact in *.whl; do
- gpg --armor --detach-sig $artifact
+ gpg --local-user ${SIGNING_KEY} --armor --detach-sig $artifact
sha512sum $artifact > ${artifact}.sha512
done
svn add --force *
diff --git a/release/src/main/scripts/verify_release_build.sh b/release/src/main/scripts/verify_release_build.sh
index 50b2c65..d8164cf 100755
--- a/release/src/main/scripts/verify_release_build.sh
+++ b/release/src/main/scripts/verify_release_build.sh
@@ -137,7 +137,6 @@ echo "==============================================================="
echo "======================Starting Release Build==================="
git clean -fdx
./gradlew clean
-gpg --output ~/doc.sig --sign ~/.bashrc
# If build fails, we want to catch as much errors as possible once.
./gradlew build -PisRelease --scan --stacktrace --no-parallel --continue
echo "==============================================================="