It's a great script. I highly recommend it.
Wendy Smoak wrote:
On 2/25/07, Ted Husted <[EMAIL PROTECTED]> wrote:
I think I might have to step away from the release manager role. Or,
at least the deployment of the Maven artifacts. I have a lot of
trouble getting the Maven signing plugins or scripts to work. Signing
all these Maven artifacts by hand is not something I can do on a
regular basis. I'll fix 2.0.6, but, otherwise, this might have to be
my last Maven distribution.
Well, _that_ was certainly not my intent! You shouldn't have to sign
them "by hand" -- there are far too many of them to make that a
reasonable requirement.
Prior to the gpg plugin being available I used a script to recursively
sign the jars in my local repo, and then upload the signatures. I
think Paul just used it for the Struts 1.3.7 signatures. It's a bash
shell script (I use Cygwin), but surely we have enough talent around
here to convert it to a script that will work on Windows...
Here's the signature part...
# Recursively pgp sign files in a directory structure
# Adapted from: http://gleamynode.net/wordpress/archives/129
echo -n "PGP Key Password: "
stty -echo
read PASSWORD
stty echo
echo ""
for FILE in $(find . -name "*.jar" -or -name "*.pom"); do
echo -n "Signing: $FILE ... "
echo "$PASSWORD" | gpg --default-key "$DEFAULT_KEY" --detach-sign
--armor --no-tty --yes --passphrase-fd 0 "$FILE" && echo done.
done
Unfortunately, this isn't something another committer can volunteer
for, the signatures really need to come from the person who built the
jars.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
