You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@uima.apache.org by tw...@apache.org on 2007/01/24 17:45:25 UTC
svn commit: r499472 -
/incubator/uima/site/trunk/uima-website/docs/distribution.html
Author: twgoetz
Date: Wed Jan 24 08:45:24 2007
New Revision: 499472
URL: http://svn.apache.org/viewvc?view=rev&rev=499472
Log:
Jira UIMA-224: part 1: signing instructions for committers/release managers.
https://issues.apache.org/jira/browse/UIMA-224
Added:
incubator/uima/site/trunk/uima-website/docs/distribution.html
Added: incubator/uima/site/trunk/uima-website/docs/distribution.html
URL: http://svn.apache.org/viewvc/incubator/uima/site/trunk/uima-website/docs/distribution.html?view=auto&rev=499472
==============================================================================
--- incubator/uima/site/trunk/uima-website/docs/distribution.html (added)
+++ incubator/uima/site/trunk/uima-website/docs/distribution.html Wed Jan 24 08:45:24 2007
@@ -0,0 +1,321 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<!--
+Copyright 1999-2004 The Apache Software Foundation
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+
+<!-- Content Stylesheet for Site -->
+
+
+<!-- start the processing -->
+ <!-- ====================================================================== -->
+ <!-- GENERATED FILE, DO NOT EDIT, EDIT THE XML FILE IN xdocs INSTEAD! -->
+ <!-- Main Page Section -->
+ <!-- ====================================================================== -->
+ <html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
+
+ <meta name="author" value="UIMA Documentation Team">
+ <meta name="email" value="uima-dev@incubator.apache.org">
+
+
+
+
+
+
+
+ <title>Apache UIMA - Creating Distributions</title>
+ </head>
+
+ <body bgcolor="#ffffff" text="#000000" link="#525D76">
+ <table border="0" width="100%" cellspacing="0">
+ <!-- TOP IMAGE -->
+ <tr>
+ <td align='LEFT'>
+ <td align="left">
+<a href="http://incubator.apache.org/"><img src="./images/apache-incubator-logo.png" alt="Apache UIMA" border="0"/></a>
+</td>
+ </td>
+ <td align='LEFT'>
+ <td width="80%" align="left" valign="bottom" bgcolor="#ffffff">
+ <font color="#625972" size="+3" face="arial,helvetica,sanserif">
+ <b>Creating Distributions</b>
+</font>
+</td>
+ </td>
+ </tr>
+ </table>
+ <table border="0" width="100%" cellspacing="4">
+ <tr><td colspan="2">
+ <hr noshade="" size="1"/>
+ </td></tr>
+
+ <tr>
+ <!-- LEFT SIDE NAVIGATION -->
+ <td width="20%" valign="top" nowrap="true">
+
+ <!-- special ACon Logo - leave here for next time
+ <a href="http://apachecon.com/2005/US/">
+ <img src="http://apache.org/images/ac2005us_blue_125x125.jpg" height="125"
+ width="125" border="0" alt="ApacheCon US 2005" />
+ </a> -->
+
+ <!-- regular menu -->
+
+
+ <!-- ============================================================ -->
+
+ <p><strong>General</strong></p>
+ <ul>
+ <li> <a href="./index.html">Home</a>
+</li>
+ <li> <a href="./news.html">News</a>
+</li>
+ <li> <a href="./license.html">License</a>
+</li>
+ <li> <a href="http://www.apache.org/">ASF</a>
+</li>
+ <li> <a href="./downloads.html">Downloads</a>
+</li>
+ <li> <a href="./javadoc.html">javadoc</a>
+</li>
+ </ul>
+ <p><strong>Community</strong></p>
+ <ul>
+ <li> <a href="./project-guidelines.html">Project Guidelines</a>
+</li>
+ <li> <a href="./contribution-policy.html">Contribution Policies</a>
+</li>
+ <li> <a href="./get-involved.html">Get Involved</a>
+</li>
+ <li> <a href="./team-list.html">Committers</a>
+</li>
+ <li> <a href="./mail-lists.html">Mailing Lists</a>
+</li>
+ <li> <a href="./documentation.html">Documentation</a>
+</li>
+ <li> <a href="./faq.html">FAQ</a>
+</li>
+ <li> <a href="http://cwiki.apache.org/UIMA/">Wiki</a>
+</li>
+ </ul>
+ <p><strong>Development</strong></p>
+ <ul>
+ <li> <a href="./svn.html">Source Code</a>
+</li>
+ <li> <a href="./svn.html#building.with.maven">Building with Maven</a>
+</li>
+ <li> <a href="./distribution.html">Creating a Distribution</a>
+</li>
+ <li> <a href="./sandbox.html">Sandbox</a>
+</li>
+ <li> <a href="./codeConventions.html">Code Conventions</a>
+</li>
+ <li> <a href="http://issues.apache.org/jira/browse/uima ">JIRA</a>
+</li>
+ <li> <a href="./uima-specification.html">UIMA Specification</a>
+</li>
+ </ul>
+ <p><strong>Conferences</strong></p>
+ <ul>
+ <li> <a href="./news.html#13 December 2006">ApacheCon 07 Europe</a>
+</li>
+ <li> <a href="./gldv07.html">GLDV 2007</a>
+</li>
+ </ul>
+ </td>
+ <td width="80%" align="left" valign="top">
+ <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#726982">
+ <font color="#ffffff" face="arial,helvetica,sanserif">
+ <a name="Building a distribution"><strong>Building a distribution</strong></a>
+ </font>
+ </td></tr>
+ <tr><td>
+ <blockquote>
+ <p>
+ To build a distribution, you will need to set up your Maven development environment as described
+ on the <a href="./svn.html">source code page</a>. Try extracting and building the code manually
+ as described there. Once you have all that working, you can build a distribution with the help
+ of the scripts in <code>uimaj-distr/src/main/build</code>. Start out in an empty directory and
+ run: <blockquote> <code>extractAndBuild.sh</code> </blockquote>
+ This will extract the source code from SVN, compile and run the tests, and finally build the
+ distribution artifacts. The final artifacts will end up in <code>trunk/uimaj-distr/target</code>.
+ </p>
+ </blockquote>
+ </p>
+ </td></tr>
+ <tr><td><br/></td></tr>
+ </table>
+
+ <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#726982">
+ <font color="#ffffff" face="arial,helvetica,sanserif">
+ <a name="Signing a distribution"><strong>Signing a distribution</strong></a>
+ </font>
+ </td></tr>
+ <tr><td>
+ <blockquote>
+ <p>
+ If you're not set up for creating PGP signatures, the first section tells you where to get the
+ necessary software, how to create a personal key and how to upload it to a key server. If you're
+ already set up with GnuPG or equivalent software, you can skip right to the next section.
+ </p>
+ <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#9289A2">
+ <font color="#ffffff" face="arial,helvetica,sanserif">
+ <a name="Getting started with release signing"><strong>Getting started with release signing</strong></a>
+ </font>
+ </td></tr>
+ <tr><td>
+ <blockquote>
+ <p>
+ Although you can follow the steps described here mechanically, it is preferable to have at least
+ a basic understanding of what it actually is you are doing. Here is a <a href="http://www.pgpi.org/doc/pgpintro/">
+ good introduction to PGP</a> and digital certificates. We recommend reading this document front-to-back.
+ There is also more general information on <a href="http://www.apache.org/dev/release-signing.html">
+ signing Apache releases</a>. More information is also available <a href="http://wiki.apache.org/incubator/SigningReleases">
+ on the wiki</a>. Some of that information is outdated, though, so take with a grain of salt.
+ The UIMA release signing script is based on the code from the wiki page.
+ </p>
+ <p>
+ Start by <a href="http://www.gnupg.org/download/">downloading GnuPG</a>. For the purposes of
+ release signing, it is sufficient to install the command line tools. After installing GnuPG,
+ create a public/private key pair with <blockquote><code>gpg --gen-key</code></blockquote>
+ This is pretty self-explanatory,
+ some more information is <a href="http://www.apache.org/dev/release-signing.html#generate">in the
+ release signing FAQ</a>. Make sure to remember the passphrase you choose when creating the key,
+ you will need it later for using your private key to sign the release.
+ </p>
+ <p>
+ You can now list your public key with the following command:
+ <blockquote><code>gpg --armor --export</code></blockquote>
+ The output will look like this:<blockquote>
+ <code>
+-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
+Version: GnuPG v1.4.6 (MingW32)<br />
+<br />
+mQGiBEWszKIRBACRscWnk1F408lWIZEgqx6OffiMtgApEVdl9UXXF2+DeS5WrHj0<br />
+1KDm9Q5Ir/o3f1qw7Il16Z496nDqmZHFKcrIgZvXcp5oCRE8sPMwdoy6X9kqVKug<br />
+...<br />
+-----END PGP PUBLIC KEY BLOCK-----
+ </code>
+ </blockquote>
+ There are two places this output needs to go: the UIMA KEYS file, and a public key server.
+ <ol>
+ <li>
+ Append your key (delimiting lines and all) to <code>uimaj-distr/src/main/readme/KEYS</code>.
+ You can optionally place your name above the key, but that is for documentation purposes only.
+ Don't forget to commit the KEYS file to SVN.
+ </li>
+ <li>
+ Upload your public key to <a href="http://pgp.mit.edu/">the MIT public key server</a> and any
+ other key server you think is appropriate (follow instructions on website).
+ </li>
+ </ol>
+ Your public key can later be used by our users to verify releases that you signed.
+ </p>
+ <p>
+ You're now set up to do the actual release signing, and we'll tell you how in the next section.
+ </p>
+ </blockquote>
+ </td></tr>
+ <tr><td><br/></td></tr>
+ </table>
+ <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#9289A2">
+ <font color="#ffffff" face="arial,helvetica,sanserif">
+ <a name="Signing a Apache UIMA Release"><strong>Signing a Apache UIMA Release</strong></a>
+ </font>
+ </td></tr>
+ <tr><td>
+ <blockquote>
+ <p>
+ You can use the script <code>uimaj-distr/src/main/build/signRelease.sh</code> to do the actual
+ release signing. The script generates three different kinds of signatures for each release
+ artifact. It is expected that any given user will use only one of those methods to verify the
+ integrity of a release artifact.
+ <ol>
+ <li>
+ A PGP ASCII-armored detached signature file. This is a hash/message digest encrypted by your
+ private key. The user can later use your public key to decrypt the message digest, which in
+ turn is used to verify that the corresponding release artifact has not been altered. Sounds
+ complicated, but is simple in practice. The command line for generating the signature file is
+ <blockquote><code>gpg --passphrase "Your passphrase" --output <artifact>.asc --detach-sig --armored <artifact></code></blockquote>
+ </li>
+ <li>
+ A MD5 message digest. This is a checksum a user can use to check the integrity of the
+ download. There are various tools to create MD5 checksums. Since we're using gpg anyway, here's
+ the gpg way: <blockquote><code>gpg --print-md MD5 <artifact>.md5</code></blockquote>
+ </li>
+ <li>
+ A SHA1 message digest. This is a checksum a user can use to check the integrity of the
+ download. Here's how to create a SHA1 checksum with gpg: <blockquote><code>gpg --print-md SHA1 <artifact>.sha1</code></blockquote>
+ </li>
+ </ol>
+ </p>
+ <p>
+ To use the signing script mentioned above, <code>cd</code> to the directory with your release
+ artifacts and run: <blockquote> <code>signRelease.sh <release> <passphrase></code> </blockquote>
+ So for example: <blockquote> <code>signRelease.sh uimaj-2.1.0 "Your passphrase in quotes"</code> </blockquote>
+ </p>
+ </blockquote>
+ </td></tr>
+ <tr><td><br/></td></tr>
+ </table>
+ </blockquote>
+ </p>
+ </td></tr>
+ <tr><td><br/></td></tr>
+ </table>
+
+ </td>
+ </tr>
+
+ <!-- FOOTER -->
+ <tr><td colspan="2">
+ <hr noshade="" size="1"/>
+ </td></tr>
+ <tr><td colspan="2">
+ <div align="center"><font color="#525D76" size="-1"><em>
+ Copyright © 2003-2006, The Apache Software Foundation
+ </em></font></div>
+ </td></tr>
+ </table>
+ </body>
+ </html>
+<!-- end the processing -->
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+