You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tubemq.apache.org by gx...@apache.org on 2020/07/27 03:41:53 UTC

[incubator-tubemq-website] branch TUBEMQ-301 created (now 8595f98)

This is an automated email from the ASF dual-hosted git repository.

gxcheng pushed a change to branch TUBEMQ-301
in repository https://gitbox.apache.org/repos/asf/incubator-tubemq-website.git.


      at 8595f98  [TUBEMQ-301] [website] Update how-to-release/how-to-verify(addendum)

This branch includes the following new commits:

     new 8595f98  [TUBEMQ-301] [website] Update how-to-release/how-to-verify(addendum)

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[incubator-tubemq-website] 01/01: [TUBEMQ-301] [website] Update how-to-release/how-to-verify(addendum)

Posted by gx...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

gxcheng pushed a commit to branch TUBEMQ-301
in repository https://gitbox.apache.org/repos/asf/incubator-tubemq-website.git

commit 8595f9825ed12343c62b8481643fbbc7297d0d75
Author: Guangxu Cheng <gx...@apache.org>
AuthorDate: Mon Jul 27 11:40:59 2020 +0800

    [TUBEMQ-301] [website] Update how-to-release/how-to-verify(addendum)
---
 docs/en-us/development/how-to-release.md |  2 +-
 docs/en-us/development/how-to-verify.md  | 60 ++++++++++++++++++++++++++++++--
 docs/zh-cn/development/how-to-release.md |  2 +-
 docs/zh-cn/development/how-to-verify.md  | 60 ++++++++++++++++++++++++++++++--
 4 files changed, 116 insertions(+), 8 deletions(-)

diff --git a/docs/en-us/development/how-to-release.md b/docs/en-us/development/how-to-release.md
index 8cda0a8..c51fc13 100644
--- a/docs/en-us/development/how-to-release.md
+++ b/docs/en-us/development/how-to-release.md
@@ -408,7 +408,7 @@ Hello Incubator Community,
     • https://github.com/apache/incubator-tubemq/tree/${release_version}-${rc_version}
 
     Release notes:
-    • https://github.com/apache/incubator-tubemq/releases/tag/${release_version}
+    • https://github.com/apache/incubator-tubemq/releases/tag/${release_version}-${rc_version}
 
     The artifacts signed with PGP key [填写你个人的KEY], corresponding to [填写你个人的邮箱], that can be found in keys file:
     • https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS
diff --git a/docs/en-us/development/how-to-verify.md b/docs/en-us/development/how-to-verify.md
index ed8d905..e8dae4d 100644
--- a/docs/en-us/development/how-to-verify.md
+++ b/docs/en-us/development/how-to-verify.md
@@ -26,9 +26,63 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
 ### 2.2 检查gpg签名
   - 导入公钥
   ```shell
-  curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS
+  curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS
   gpg --import KEYS # 导入KEYS到本地
   ```
+  - 信任公钥
+  > 信任此次版本所使用的KEY
+  ```shell
+    gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY
+    gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc.
+    This is free software: you are free to change and redistribute it.
+    There is NO WARRANTY, to the extent permitted by law.
+    
+    Secret key is available.
+    
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    gpg> trust #信任
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    Please decide how far you trust this user to correctly verify other users' keys
+    (by looking at passports, checking fingerprints from different sources, etc.)
+    
+      1 = I don't know or won't say
+      2 = I do NOT trust
+      3 = I trust marginally
+      4 = I trust fully
+      5 = I trust ultimately
+      m = back to the main menu
+    
+    Your decision? 5 #选择5
+    Do you really want to set this key to ultimate trust? (y/N) y #选择y
+                                                                 
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    gpg> 
+         
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+  ```
   - 使用如下命令检查签名
   ```shell
   for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done
@@ -39,7 +93,7 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
   gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz
 ```
   - 检查结果
-出现类似以下内容则说明签名正确，关键字：`Good signature`
+  > 出现类似以下内容则说明签名正确，关键字：**`Good signature`**
 ```shell
 apache-tubemq-0.3.0-incubating-src.tar.gz
 gpg: Signature made Sat May 30 11:45:01 2020 CST
@@ -79,4 +133,4 @@ for i in *.tar.gz.sha512; do echo $i; sha512sum -c $i; done
   - 能否正常部署成功
   - 部署测试环境、验证生产消费能否正常运行
   - 验证你认为可能会出问题的地方
-  - ....
+  - ....
\ No newline at end of file
diff --git a/docs/zh-cn/development/how-to-release.md b/docs/zh-cn/development/how-to-release.md
index cf23436..4d0434c 100644
--- a/docs/zh-cn/development/how-to-release.md
+++ b/docs/zh-cn/development/how-to-release.md
@@ -405,7 +405,7 @@ Hello Incubator Community,
     • https://github.com/apache/incubator-tubemq/tree/${release_version}-${rc_version}
 
     Release notes:
-    • https://github.com/apache/incubator-tubemq/releases/tag/${release_version}
+    • https://github.com/apache/incubator-tubemq/releases/tag/${release_version}-${rc_version}
 
     The artifacts signed with PGP key [填写你个人的KEY], corresponding to [填写你个人的邮箱], that can be found in keys file:
     • https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS
diff --git a/docs/zh-cn/development/how-to-verify.md b/docs/zh-cn/development/how-to-verify.md
index 6294e70..bb26b29 100644
--- a/docs/zh-cn/development/how-to-verify.md
+++ b/docs/zh-cn/development/how-to-verify.md
@@ -24,9 +24,63 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
 ### 2.2 检查gpg签名
   - 导入公钥
   ```shell
-  curl https://dist.apache.org/repos/dist/dev/tubemq/KEYS >> KEYS # 下载KEYS
+  curl https://dist.apache.org/repos/dist/dev/incubator/tubemq/KEYS > KEYS # 下载KEYS
   gpg --import KEYS # 导入KEYS到本地
   ```
+  - 信任公钥
+  > 信任此次版本所使用的KEY
+  ```shell
+    gpg --edit-key xxxxxxxxxx #此次版本所使用的KEY
+    gpg (GnuPG) 2.2.21; Copyright (C) 2020 Free Software Foundation, Inc.
+    This is free software: you are free to change and redistribute it.
+    There is NO WARRANTY, to the extent permitted by law.
+    
+    Secret key is available.
+    
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    gpg> trust #信任
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    Please decide how far you trust this user to correctly verify other users' keys
+    (by looking at passports, checking fingerprints from different sources, etc.)
+    
+      1 = I don't know or won't say
+      2 = I do NOT trust
+      3 = I trust marginally
+      4 = I trust fully
+      5 = I trust ultimately
+      m = back to the main menu
+    
+    Your decision? 5 #选择5
+    Do you really want to set this key to ultimate trust? (y/N) y #选择y
+                                                                 
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+    
+    gpg> 
+         
+    sec  rsa4096/5EF3A66D57EC647A
+         created: 2020-05-19  expires: never       usage: SC  
+         trust: ultimate      validity: ultimate
+    ssb  rsa4096/17628566FEED6AF7
+         created: 2020-05-19  expires: never       usage: E   
+    [ultimate] (1). Guangxu Cheng <gx...@apache.org>
+  ```
   - 使用如下命令检查签名
   ```shell
   for i in *.tar.gz; do echo $i; gpg --verify $i.asc $i ; done
@@ -37,7 +91,7 @@ svn co https://dist.apache.org/repos/dist/dev/incubator/tubemq/${release_version
   gpg --verify apache-tubemq-client-${release_version}-bin.tar.gz.asc apache-tubemq-client-${release_version}-bin.tar.gz
 ```
   - 检查结果
-出现类似以下内容则说明签名正确，关键字：`Good signature`
+  > 出现类似以下内容则说明签名正确，关键字：**`Good signature`**
 ```shell
 apache-tubemq-0.3.0-incubating-src.tar.gz
 gpg: Signature made Sat May 30 11:45:01 2020 CST
@@ -77,4 +131,4 @@ for i in *.tar.gz.sha512; do echo $i; sha512sum -c $i; done
   - 能否正常部署成功
   - 部署测试环境、验证生产消费能否正常运行
   - 验证你认为可能会出问题的地方
-  - ....
+  - ....
\ No newline at end of file