Description
As an RM for 1.2.0 I did a lot of it via automation (relevant tasks in release.gradle) but there also were quite a few things I had to do by hand. I'll dump my notes here and hopefully we can put those in automation for the next release:
- I had to sign RPM packages by:
$ echo > ~/.rpmmacros <<__EOT__ %_signature gpg %_gpg_path /ws/gnupg %_gpg_name 9475BD5D %_gpgbin /usr/bin/gpg __EOT__ $ rpm --addsign `find . -name \*rpm`
- I had to sign the YUM and Zypper repos by (the last two steps were Zypper specific):
$ for i in ./*/*/*/repodata/repomd.xml ; do gpg --homedir /ws/gnupg --detach-sign --armor $i ; done $ gpg --homedir /ws/gnupg --armor --export rvs@apache.org > opensuse/42.1/x86_64/repodata/repomd.xml.key $ for i in *.xml.gz repomd.xml.key ; do gpg --homedir /ws/gnupg --detach-sign --armor $i ; done
- I had to sign APT repo by essentially rebuilding it from scratch with:
$ cat > apt/conf/distributions <<__EOT__ Origin: Bigtop Label: Bigtop Suite: stable Codename: bigtop Version: 1.2.0 Architectures: amd64 source Components: contrib Description: Apache Bigtop SignWith: 9475BD5D __EOT__ $ cat > apt/conf/options <<__EOT__ verbose ask-passphrase __EOT__
Also it helps to do this with GPG agent sine all these tools are super chatty and will keep asking you for the master password to your key:
echo 'use-agent' >> ~/.gnupg/gpg.conf echo 'pinentry-program /usr/bin/pinentry-curses' > ~/.gnupg/gpg-agent.conf
Attachments
Issue Links
- relates to
-
BIGTOP-1466 automate to include known issues in release notes
-
- Open
-
-
BIGTOP-1463 We need a better automation of the release process.
-
- Open
-