You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by larry mccay <lm...@apache.org> on 2016/01/30 15:32:26 UTC

Signature Verification Script

Hey Guys -

Here is a scriptified version of the release process instructions for
verifying the signatures of the release candidate.

gpg --verify knox-$1-src.zip.asc knox-$1-src.zip
gpg --verify knox-$1.zip.asc knox-$1.zip
gpg --verify knox-$1.tar.gz.asc knox-$1.tar.gz
cat knox-$1-src.zip.sha && openssl sha1 knox-$1-src.zip
cat knox-$1.zip.sha && openssl sha1 knox-$1.zip
cat knox-$1.tar.gz.sha && openssl sha1 knox-$1.tar.gz
cat knox-$1-src.zip.md5 && openssl md5 knox-$1-src.zip
cat knox-$1.zip.md5 && openssl md5 knox-$1.zip
cat knox-$1.tar.gz.md5 && openssl md5 knox-$1.tar.gz

Example:

bash-3.2$ ~/bin/verifyrc 0.8.0
gpg: Signature made Fri Jan 29 19:40:55 2016 EST using RSA key ID 587C089B
gpg: Good signature from "Larry McCay (CODE SIGNING KEY) <lmccay@apache.org
>"
gpg: Signature made Fri Jan 29 19:40:54 2016 EST using RSA key ID 587C089B
gpg: Good signature from "Larry McCay (CODE SIGNING KEY) <lmccay@apache.org
>"
gpg: Signature made Fri Jan 29 19:40:55 2016 EST using RSA key ID 587C089B
gpg: Good signature from "Larry McCay (CODE SIGNING KEY) <lmccay@apache.org
>"
c62ab779c3f13f54035d6d069871581e0525680a
SHA1(knox-0.8.0-src.zip)= c62ab779c3f13f54035d6d069871581e0525680a
de5ef273d1f3e48872b73fdb97fb38eba500e416
SHA1(knox-0.8.0.zip)= de5ef273d1f3e48872b73fdb97fb38eba500e416
f9d6463fc2e61b6375cc9ef73f2e579fdd0c6dc1
SHA1(knox-0.8.0.tar.gz)= f9d6463fc2e61b6375cc9ef73f2e579fdd0c6dc1
1a8f68a6c0ef883369efe6439489c150
MD5(knox-0.8.0-src.zip)= 1a8f68a6c0ef883369efe6439489c150
71487f29e1474620c43320676518e651
MD5(knox-0.8.0.zip)= 71487f29e1474620c43320676518e651
96d763c2c8a4dc17cfc525eb6be9688e
MD5(knox-0.8.0.tar.gz)= 96d763c2c8a4dc17cfc525eb6be9688e

Should say some copy and paste and replacing of placeholders.

Enjoy.

--lar