[GitHub] [spark-website] cloud-fan commented on a change in pull request #356: Improve the guideline of Preparing gpg key

2021-08-23 Thread GitBox


cloud-fan commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r693773768



##
File path: release-process.md
##
@@ -39,15 +39,90 @@ If you are a new Release Manager, you can read up on the 
process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key 
server. Please refer to
-https://www.apache.org/dev/openpgp.html#generate-key;>https://www.apache.org/dev/openpgp.html#generate-key
-for details.
+Generate Key
 
-If you want to do the release on another machine, you can transfer your secret 
key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer 
to https://www.apache.org/dev/openpgp.html#generate-key;>generate-key 
for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+ 0 = key does not expire
+= key expires in n days
+  w = key expires in n weeks
+  m = key expires in n months
+  y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdon...@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+"Robert Burrell Donkin (CODE SIGNING KEY) "
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+gpg: key 04B3B5C426A27D33 marked as ultimately trusted
+gpg: revocation certificate stored as 
'/home/ubuntu/.gnupg/openpgp-revocs.d/08071B1E23C8A7E2CA1E891A04B3B5C426A27D33.rev'
+public and secret key created and signed.
+
+pub   rsa4096 2021-08-19 [SC]
+  08071B1E23C8A7E2CA1E891A04B3B5C426A27D33
+uid  Jack (test) 
+sub   rsa4096 2021-08-19 [E]
+```
+
+Note that the last 8 digits (26A27D33) of the public key is the https://infra.apache.org/release-signing.html#key-id;>key ID.
 
-The last step is to update the KEYS file with your code signing key
-https://www.apache.org/dev/openpgp.html#export-public-key;>https://www.apache.org/dev/openpgp.html#export-public-key
+Upload Key
+
+After generating the public key, we should upload it to a https://infra.apache.org/release-signing.html#keyserver;>public key 
server.
+You can upload:
+
+either use gpg command:
+
+```
+$ gpg --keyserver keys.openpgp.org --send-key 26A27D33
+```
+
+or copy-paste the ASCII-armored public key to http://keyserver.ubuntu.com:11371/#submitKey;>OpenPGP Keyserver.
+The ASCII-armored public key can be generated by:
+
+```
+:::console
+$ gpg --export --armor 26A27D33
+```
+
+Please refer to https://infra.apache.org/release-signing.html#keyserver-upload;>keyserver-upload
 for details.
+
+Update KEYS file with your code signing key
+
+The code signing key is exactly the same with the ASCII-armored public key 
mentioned above.
+You should append it to https://dist.apache.org/repos/dist/dev/spark/KEYS;>KEYS by:
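
Review bot: The note after the transcript and both command examples (`--send-key 26A27D33`, `--export --armor 26A27D33`) identify the key by its 8-hex-digit short ID, which is not unique: different keys can share a short ID, so a release manager could upload or export the wrong key. Suggest using the full fingerprint the transcript already prints, `08071B1E23C8A7E2CA1E891A04B3B5C426A27D33`, and rewording the note to say the key ID is the last 8 digits of the fingerprint rather than "of the public key". The transcript also enters `Real name: Robert Burrell Donkin` but ends with `uid  Jack (test)`, so it reads as two sessions spliced together; one consistent identity would be clearer.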

Review comment:
   ```suggestion
   You should append it to the KEYS file by:
   ```
   
   It doesn't seem necessary to add url for `KEYS`. People need to run the svn 
command below anyway.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org
For additional commands, e-mail: commits-h...@spark.apache.org



[GitHub] [spark-website] cloud-fan commented on a change in pull request #356: Improve the guideline of Preparing gpg key

2021-08-19 Thread GitBox


cloud-fan commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r691867352



##
File path: release-process.md
##
@@ -39,15 +39,97 @@ If you are a new Release Manager, you can read up on the 
process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key 
server. Please refer to
-https://www.apache.org/dev/openpgp.html#generate-key;>https://www.apache.org/dev/openpgp.html#generate-key
-for details.
+Generate Key
 
-If you want to do the release on another machine, you can transfer your secret 
key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer 
to https://www.apache.org/dev/openpgp.html#generate-key;>generate-key 
for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+ 0 = key does not expire
+= key expires in n days
+  w = key expires in n weeks
+  m = key expires in n months
+  y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdon...@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+"Robert Burrell Donkin (CODE SIGNING KEY) "
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key.
+```
+
+Upload Key
+
+After generating the key, we should upload the public key to a https://infra.apache.org/release-signing.html#keyserver;>public key 
server.
+Upload the public key either by:
+
+(Recommended)
+First, export all public keys to ASCII-armored public key by
+```
+:::console
+$ gpg --export --armor 
+```
+or export the specific public key if you know the https://infra.apache.org/release-signing.html#key-id;>key ID, e.g.,
+```
+:::console
+$ gpg --export --armor AD741727
+```
+
+Here's an example of how to get the key ID for your public key:
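
Review bot: The step marked "(Recommended)" runs `gpg --export --armor` with no key argument, which exports every public key in the local keyring rather than only the new code signing key, so pasting that output into a keyserver form would submit all of them. Suggest dropping the no-argument form and showing only the key-specific export, placed after the text that tells the reader how to find their key ID.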

Review comment:
   Can we move it to the `Generate Key` section? I think the release 
manager should get the key id right after he/she generates the gpg key.







[GitHub] [spark-website] cloud-fan commented on a change in pull request #356: Improve the guideline of Preparing gpg key

2021-08-18 Thread GitBox


cloud-fan commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r691793523



##
File path: release-process.md
##
@@ -39,15 +39,82 @@ If you are a new Release Manager, you can read up on the 
process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key 
server. Please refer to
-https://www.apache.org/dev/openpgp.html#generate-key;>https://www.apache.org/dev/openpgp.html#generate-key
-for details.
+Generate Key
 
-If you want to do the release on another machine, you can transfer your secret 
key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer 
to https://www.apache.org/dev/openpgp.html#generate-key;>generate-key 
for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+ 0 = key does not expire
+= key expires in n days
+  w = key expires in n weeks
+  m = key expires in n months
+  y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdon...@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+"Robert Burrell Donkin (CODE SIGNING KEY) "
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key.
+```
+
+Upload Key
 
-The last step is to update the KEYS file with your code signing key
-https://www.apache.org/dev/openpgp.html#export-public-key;>https://www.apache.org/dev/openpgp.html#export-public-key
+After generating the key, we should upload the public key to a https://infra.apache.org/release-signing.html#keyserver;>public key 
server.
+Upload the public key either by:
+
+(Recommended)
+First, export all public keys to ASCII-armored public key by
+```
+:::console
+$ gpg --export --armor 
+```
+or export the specific public key if you know the https://infra.apache.org/release-signing.html#key-id;>key ID, e.g.,
+```
+:::console
+$ gpg --export --armor AD741727
+```
+(Please refer to https://infra.apache.org/openpgp.html#export-public-key;>export-public-key
 for details.)
+
+Second, copy-paste your ASCII-armored public key to http://keyserver.ubuntu.com:11371/#submitKey;>OpenPGP Keyserver and 
submit.
+
+or
+
+Use gpg command to upload, e.g.,
+
+```
+$ gpg --send-key B13131DE2
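
Review bot: In the last added line, `gpg --send-key B13131DE2` passes a nine-hex-digit value, which is neither a short (8-digit) nor a long (16-digit) key ID, and it differs from the `AD741727` used in the export example above it. The command also omits `--keyserver`, so the key goes to whatever server the local gpg configuration defaults to, which may not be the server named in the copy-paste alternative. Suggest one key identifier throughout and an explicit `--keyserver` argument.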

Review comment:
   Can we use the same id in the previous example `AD741727`?







[GitHub] [spark-website] cloud-fan commented on a change in pull request #356: Improve the guideline of Preparing gpg key

2021-08-18 Thread GitBox


cloud-fan commented on a change in pull request #356:
URL: https://github.com/apache/spark-website/pull/356#discussion_r691793389



##
File path: release-process.md
##
@@ -39,15 +39,82 @@ If you are a new Release Manager, you can read up on the 
process from the follow
 
 You can skip this section if you have already uploaded your key.
 
-After generating the gpg key, you need to upload your key to a public key 
server. Please refer to
-https://www.apache.org/dev/openpgp.html#generate-key;>https://www.apache.org/dev/openpgp.html#generate-key
-for details.
+Generate Key
 
-If you want to do the release on another machine, you can transfer your secret 
key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer 
to https://www.apache.org/dev/openpgp.html#generate-key;>generate-key 
for details.
+
+```
+:::console
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA (default)
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+ 0 = key does not expire
+= key expires in n days
+  w = key expires in n weeks
+  m = key expires in n months
+  y = key expires in n years
+Key is valid for? (0) 
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdon...@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+"Robert Burrell Donkin (CODE SIGNING KEY) "
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key.
+```
+
+Upload Key
 
-The last step is to update the KEYS file with your code signing key
-https://www.apache.org/dev/openpgp.html#export-public-key;>https://www.apache.org/dev/openpgp.html#export-public-key
+After generating the key, we should upload the public key to a https://infra.apache.org/release-signing.html#keyserver;>public key 
server.
+Upload the public key either by:
+
+(Recommended)
+First, export all public keys to ASCII-armored public key by
+```
+:::console
+$ gpg --export --armor 
+```
+or export the specific public key if you know the https://infra.apache.org/release-signing.html#key-id;>key ID, e.g.,
+```
+:::console
+$ gpg --export --armor AD741727
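
Review bot: The transcript's banner reads `gpg (GnuPG) 2.0.12`, but the command shown is `gpg --full-gen-key`, an option introduced in GnuPG 2.1; on 2.0.x the full dialog is reached with `--gen-key`. Suggest regenerating the transcript on a current GnuPG release so the banner, command and prompts agree, or stating which command applies to which version. The selected `Key is valid for? (0)` also produces a key that never expires; if that is the intended recommendation, a sentence saying so would help.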

Review comment:
   Is there a way to find the ID of the newly created CODE SIGNING KEY?



