Improve the guideline of Preparing gpg key (#356)
* .
* use the same key id
* address comment
* address comment
* address comment
* regen site/release-process.html
* update
* address comments
* address comment
diff --git a/release-process.md b/release-process.md
index a295399..1e8d9fd 100644
--- a/release-process.md
+++ b/release-process.md
@@ -39,15 +39,83 @@
You can skip this section if you have already uploaded your key.
-After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.
+<h4>Generate Key</h4>
-If you want to do the release on another machine, you can transfer your secret key to that machine
-via the `gpg --export-secret-keys` and `gpg --import` commands.
+Here's an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.
-The last step is to update the KEYS file with your code signing key
-<a href="https://www.apache.org/dev/openpgp.html#export-public-key">https://www.apache.org/dev/openpgp.html#export-public-key</a>
+```
+$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+ (1) RSA and RSA (default)
+ (2) DSA and Elgamal
+ (3) DSA (sign only)
+ (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+ 0 = key does not expire
+ <n> = key expires in n days
+ <n>w = key expires in n weeks
+ <n>m = key expires in n months
+ <n>y = key expires in n years
+Key is valid for? (0)
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+ "Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+gpg: key 04B3B5C426A27D33 marked as ultimately trusted
+gpg: revocation certificate stored as '/home/ubuntu/.gnupg/openpgp-revocs.d/08071B1E23C8A7E2CA1E891A04B3B5C426A27D33.rev'
+public and secret key created and signed.
+
+pub rsa4096 2021-08-19 [SC]
+ 08071B1E23C8A7E2CA1E891A04B3B5C426A27D33
+uid Jack (test) <Jack@mail.com>
+sub rsa4096 2021-08-19 [E]
+```
+
+Note that the last 8 digits (26A27D33) of the public key is the <a href="https://infra.apache.org/release-signing.html#key-id">key ID</a>.
+
+<h4>Upload Key</h4>
+
+After generating the public key, we should upload it to <a href="https://infra.apache.org/release-signing.html#keyserver">public key server</a>:
+
+```
+$ gpg --keyserver keys.openpgp.org --send-key 26A27D33
+```
+
+Please refer to <a href="https://infra.apache.org/release-signing.html#keyserver-upload">keyserver-upload</a> for details.
+
+<h4>Update KEYS file with your code signing key</h4>
+
+To get the code signing key (a.k.a ASCII-armored public key), run the command:
+
+```
+$ gpg --export --armor 26A27D33
+```
+
+And then append the generated key to the KEYS file by:
```
# Move dev/ to release/ when the voting is completed. See Finalize the Release below
@@ -56,6 +124,9 @@
svn ci --username $ASF_USERNAME --password "$ASF_PASSWORD" -m"Update KEYS"
```
+If you want to do the release on another machine, you can transfer your secret key to that machine
+via the `gpg --export-secret-keys` and `gpg --import` commands.
+
<h3>Installing docker</h3>
The scripts to create release candidates are run through docker. You need to install docker before running
diff --git a/site/release-process.html b/site/release-process.html
index 0d1aa73..0e1b7bd 100644
--- a/site/release-process.html
+++ b/site/release-process.html
@@ -245,15 +245,80 @@
<p>You can skip this section if you have already uploaded your key.</p>
-<p>After generating the gpg key, you need to upload your key to a public key server. Please refer to
-<a href="https://www.apache.org/dev/openpgp.html#generate-key">https://www.apache.org/dev/openpgp.html#generate-key</a>
-for details.</p>
+<h4>Generate Key</h4>
-<p>If you want to do the release on another machine, you can transfer your secret key to that machine
-via the <code class="language-plaintext highlighter-rouge">gpg --export-secret-keys</code> and <code class="language-plaintext highlighter-rouge">gpg --import</code> commands.</p>
+<p>Here’s an example of gpg 2.0.12. If you use gpg version 1 series, please refer to <a href="https://www.apache.org/dev/openpgp.html#generate-key">generate-key</a> for details.</p>
-<p>The last step is to update the KEYS file with your code signing key
-<a href="https://www.apache.org/dev/openpgp.html#export-public-key">https://www.apache.org/dev/openpgp.html#export-public-key</a></p>
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gpg --full-gen-key
+gpg (GnuPG) 2.0.12; Copyright (C) 2009 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+ (1) RSA and RSA (default)
+ (2) DSA and Elgamal
+ (3) DSA (sign only)
+ (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+ 0 = key does not expire
+ <n> = key expires in n days
+ <n>w = key expires in n weeks
+ <n>m = key expires in n months
+ <n>y = key expires in n years
+Key is valid for? (0)
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Robert Burrell Donkin
+Email address: rdonkin@apache.org
+Comment: CODE SIGNING KEY
+You selected this USER-ID:
+ "Robert Burrell Donkin (CODE SIGNING KEY) <rdonkin@apache.org>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+gpg: key 04B3B5C426A27D33 marked as ultimately trusted
+gpg: revocation certificate stored as '/home/ubuntu/.gnupg/openpgp-revocs.d/08071B1E23C8A7E2CA1E891A04B3B5C426A27D33.rev'
+public and secret key created and signed.
+
+pub rsa4096 2021-08-19 [SC]
+ 08071B1E23C8A7E2CA1E891A04B3B5C426A27D33
+uid Jack (test) <Jack@mail.com>
+sub rsa4096 2021-08-19 [E]
+</code></pre></div></div>
+
+<p>Note that the last 8 digits (26A27D33) of the public key is the <a href="https://infra.apache.org/release-signing.html#key-id">key ID</a>.</p>
+
+<h4>Upload Key</h4>
+
+<p>After generating the public key, we should upload it to <a href="https://infra.apache.org/release-signing.html#keyserver">public key server</a>:</p>
+
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gpg --keyserver keys.openpgp.org --send-key 26A27D33
+</code></pre></div></div>
+
+<p>Please refer to <a href="https://infra.apache.org/release-signing.html#keyserver-upload">keyserver-upload</a> for details.</p>
+
+<h4>Update KEYS file with your code signing key</h4>
+
+<p>To get the code signing key (a.k.a ASCII-armored public key), run the command:</p>
+
+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gpg --export --armor 26A27D33
+</code></pre></div></div>
+
+<p>And then append the generated key to the KEYS file by:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># Move dev/ to release/ when the voting is completed. See Finalize the Release below
svn co --depth=files "https://dist.apache.org/repos/dist/dev/spark" svn-spark
@@ -261,6 +326,9 @@
svn ci --username $ASF_USERNAME --password "$ASF_PASSWORD" -m"Update KEYS"
</code></pre></div></div>
+<p>If you want to do the release on another machine, you can transfer your secret key to that machine
+via the <code class="language-plaintext highlighter-rouge">gpg --export-secret-keys</code> and <code class="language-plaintext highlighter-rouge">gpg --import</code> commands.</p>
+
<h3>Installing docker</h3>
<p>The scripts to create release candidates are run through docker. You need to install docker before running
