You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tuscany.apache.org by co...@apache.org on 2010/05/27 11:06:00 UTC
[CONF] Apache Tuscany Docs 2.x > Create Signing Key
Space: Apache Tuscany Docs 2.x (http://cwiki.apache.org/confluence/display/TUSCANYxDOCx2x)
Page: Create Signing Key (http://cwiki.apache.org/confluence/display/TUSCANYxDOCx2x/Create+Signing+Key)
Added by kelvin goodson:
---------------------------------------------------------------------
{section:border=false}{column:width=15%}
{include: Menus}{column}{column:width=85%}
h3. Create a code signing key
Install [GNU GPG|http://www.gnupg.org/]
Create a gpg config file eg c:\gpg\conf\gpg.conf with this contents:
utf8-strings
keyserver x-hkp://pgp.surfnet.nl/
default-cert-check-level 3
keyserver-options auto-key-retrieve include-subkeys
no-mangle-dos-filenames
no-secmem-warning
Set the GNUPGHOME environment var to point to that: set GNUPGHOME=\gpg\conf
gpg \--gen-key
accept all defaults, use your apache email and a comment like "Code Signing Key", eg:
Real name: Ant Elder
Email address: antelder@apache.org
Comment: Code Signing Key
Use long hard to guess passphrase with numbers and miss spellings etc
now should be able to show that key with: gpg \--list-keys
C:\>gpg \--list-keys
/gpgtest/conf\pubring.gpg
\------------------------\-
pub 1024D/481240F5 2007-06-28
uid Ant Elder (Code Signing Key) <an...@apache.org>
sub 2048g/F6F122B8 2007-06-28
Upload that to a key server using the keyid, eg gpg \--send-key 481240F5
Now if you go to [http://pgp.surfnet.nl/] you should be able to search for you name and find the uploaded key
Add this key to the KEYS file in the Tuscany SVN: [https://svn.apache.org/repos/asf/incubator/tuscany/KEYS]
eg, check out the KEYS file then update with:
(gpg \--list-sigs antelder@apache.org && gpg \--armor \--export antelder@apache.org) >> KEYS
{column}
{section}
Change your notification preferences: http://cwiki.apache.org/confluence/users/viewnotifications.action