On Fri, 30 Mar 2007, Xavier Hanin <[EMAIL PROTECTED]> wrote: > Ok, so I'll add checksum generation in the build-release.xml > script. But maybe signing could also be part of the script? If so, > any example I could use?
I have simple shell script that I've taken from Antoine at once. ,----[ signdist ] | #!/bin/sh | for i in `find distribution \( -name \*.bz2 -o -name \*.zip -o -name \*.gz \)` | do | echo "Signing " $i | gpg -a -b --force-v3-sigs $i | done `---- which isn't really too fancy - but I don't need to remember which arguments gpg needs to create PGP 5.x compatible signatures that way. I think Antoine has added a sign task to commons-openpgp (in Jakarta Commons' Sandbox) but I've never used it myself. > Oh, and one last question about distribution format: Ivy releases > used to be distributed only in zip, should we also provide tar.gz? Yes, please, this might be nice for people living on Unix systems without InfoZIP (not that they are too common these days). Stefan
