diff --git a/ReleaseInstructions b/ReleaseInstructions index 3efcdd843..2ca1fe429 100644 --- a/ReleaseInstructions +++ b/ReleaseInstructions @@ -118,27 +118,17 @@ Note: This document was updated in the context of releasing Ant 1.7. Revision 437509 Uebertragen. -9. Sign the distribution files using the following simple script - - @TODO : document using commons-openpgp to sign the artefacts, - change the build file to do this - - #!/bin/sh - # signing the various source and binary archives of the entire distribution - for i in `/usr/bin/find distribution \( -name "*.bz2" -o -name "*.zip" -o -name "*.gz" \)` - do - echo "Signing " $i - gpg -a -b --force-v3-sigs $i - done - # signing the maven artefacts - for i in `/usr/bin/find java-repository \( -name "*.pom" -o -name "*.jar" \)` - do - echo "Signing " $i - gpg -a -b --force-v3-sigs $i - done - - The --force-v3-sigs will improve the interoperability with PGP 5.x, - see . +9. Sign the distribution files using the script release/signit.xml + + This script requires using commons-openpgp to sign the artefacts, + + This tool can be checked out from + http:/svn.apache.org/repos/asf/commons/sandbox/openpgp/trunk + You have to build it using maven + + You can create a property file .gnupg.properties in your home directory + with your key id + and pass your key passphrase on the command line with -Dpassword=**** Before you do that, ensure that the key you use is inside the KEYS file in Ant's SVN repository