gengliangwang commented on a change in pull request #356: URL: https://github.com/apache/spark-website/pull/356#discussion_r692174007
########## File path: release-process.md ########## @@ -39,15 +39,90 @@ If you are a new Release Manager, you can read up on the process from the follow You can skip this section if you have already uploaded your key. -After generating the gpg key, you need to upload your key to a public key server. Please refer to -<a href="https://www.apache.org/dev/openpgp.html#generate-key";>https://www.apache.org/dev/openpgp.html#generate-key</a> -for details. +<h4>Generate Key</h4> -If you want to do the release on another machine, you can transfer your secret key to that machine -via the `gpg --export-secret-keys` and `gpg --import` commands. +Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key";>generate-key</a> for details. + +``` +:::console +$ gpg --full-gen-key +gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc. +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) +Your selection? 1 +RSA keys may be between 1024 and 4096 bits long. +What keysize do you want? (2048) 4096 +Requested keysize is 4096 bits +Please specify how long the key should be valid. + 0 = key does not expire + <n> = key expires in n days + <n>w = key expires in n weeks + <n>m = key expires in n months + <n>y = key expires in n years +Key is valid for? (0) +Key does not expire at all +Is this correct? (y/N) y + +GnuPG needs to construct a user ID to identify your key. + +Real name: Robert Burrell Donkin +Email address: rdon...@apache.org +Comment: CODE SIGNING KEY +You selected this USER-ID: + "Robert Burrell Donkin (CODE SIGNING KEY) <rdon...@apache.org>" + +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O +We need to generate a lot of random bytes. It is a good idea to perform +some other action (type on the keyboard, move the mouse, utilize the +disks) during the prime generation; this gives the random number +generator a better chance to gain enough entropy. +We need to generate a lot of random bytes. It is a good idea to perform +some other action (type on the keyboard, move the mouse, utilize the +disks) during the prime generation; this gives the random number +generator a better chance to gain enough entropy. +gpg: key 04B3B5C426A27D33 marked as ultimately trusted +gpg: revocation certificate stored as '/home/ubuntu/.gnupg/openpgp-revocs.d/08071B1E23C8A7E2CA1E891A04B3B5C426A27D33.rev' +public and secret key created and signed. + +pub rsa4096 2021-08-19 [SC] + 08071B1E23C8A7E2CA1E891A04B3B5C426A27D33 +uid Jack (test) <j...@mail.com> +sub rsa4096 2021-08-19 [E] +``` + +Note that the last 8 digits (26A27D33) of the public key is the <a href="https://infra.apache.org/release-signing.html#key-id";>key ID</a>. -The last step is to update the KEYS file with your code signing key -<a href="https://www.apache.org/dev/openpgp.html#export-public-key";>https://www.apache.org/dev/openpgp.html#export-public-key</a> +<h4>Upload Key</h4> + +After generating the public key, we should upload it to a <a href="https://infra.apache.org/release-signing.html#keyserver";>public key server</a>. +You can upload: + +either use gpg command: + +``` +$ gpg --send-key 26A27D33 --keyserver keys.openpgp.org Review comment: nit: change the order of param so that it is easier to modify the key name ``` gpg --keyserver keys.openpgp.org --send-key 26A27D33 ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org
