OK so I wrote yet another way to do the signing, in Python (which I'll
happily find any excuse to use ;) -- it prompts for your passphrase
and then recurses through the dist directory looking for artifacts to
sign:
import sys
import os
import subprocess
import getpass
def signFile(pwd, fileName):
print '\nSIGN %s' % fileName
command = 'gpg --passphrase-fd 0 --batch --armor --detach-sig %s' %
fileName
print ' command %s' % command
ascFileName = fileName + '.asc'
if os.path.exists(ascFileName):
os.remove(ascFileName)
p = subprocess.Popen(command, shell=True, stdin=subprocess.PIPE)
p.stdin.write(pwd)
p.stdin.close()
result = p.wait()
if result != 0:
raise RuntimeError('command failed: exit code %s' % result)
def isArtifact(fileName):
for suffix in ('.tar.gz', '.jar', '.zip', '.pom'):
if fileName.endswith(suffix):
return True
else:
return False
def main(argv):
if len(argv) != 2:
print '\nUsage: python %s distRootDirName\n' % argv[0]
return
pwd = getpass.unix_getpass(prompt='\nPlease enter your GPG private
key passphrase:')
for dirPath, dirNames, fileNames in os.walk(argv[1]):
for fileName in fileNames:
if isArtifact(fileName):
signFile(pwd, os.path.join(dirPath, fileName))
if __name__ == '__main__':
main(sys.argv)
Mike
Nicolas Lalevée wrote:
Le 19 sept. 08 à 15:21, Grant Ingersoll a écrit :
FWIW, here's a simple bash function to do it too:
function sign-artifacts()
{
gpg --armor --output $1-$2.pom.asc --detach-sig $1-$2.pom
if [ -f $1-$2-javadoc.jar ]; then
gpg --armor --output $1-$2-javadoc.jar.asc --detach-sig $1-
$2-javadoc.jar
fi
if [ -f $1-$2-sources.jar ]; then
gpg --armor --output $1-$2-sources.jar.asc --detach-sig $1-
$2-sources.jar
fi
if [ -f $1-$2.jar ]; then
gpg --armor --output $1-$2.jar.asc --detach-sig $1-$2.jar
fi
}
I call it as sign-artifacts <artifact id> <version number>
i.e. sign-artifacts solr-common 1.3.0
I suppose it could be put into a loop that recurses through sub-dirs.
You might also interested into the "read" function which avoid enter
the pass phrase for every artifact:
https://svn.apache.org/repos/asf/ant/ivy/ivyde/trunk/signArtifacts.sh
Nicolas
-Grant
On Sep 18, 2008, at 7:16 PM, Michael McCandless wrote:
Yeah I was afraid of this :)
I'll look at SOLR-776. Thanks for the pointer!
Mike
Grant Ingersoll wrote:
FYI, MIke, you might be interested in https://issues.apache.org/jira/browse/SOLR-776
for signing the Maven artifacts (what a PITA). I know Michael
B. has a batch script, but this does it in a Ant friendly way and
is available for all RMs.
Cheers,
Grant
On Sep 18, 2008, at 2:29 PM, Michael McCandless wrote:
Hi,
I just created the first release candidate for 2.4, here:
http://people.apache.org/~mikemccand/staging-area/lucene2.4rc1
Please download the release candidate, kick the tires and report
back
on any issues you encounter.
The plan is to make only serious bug fixes or build/doc fixes, to
2.4 for ~10 days, after which if there are no blockers I'll call a
vote for the actual release.
Happy testing, and thanks!
Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
