Changes between Version 3 and Version 4 of org/teams/MetricsTeam/VerifyJavaReleases


Ignore:
Timestamp:
May 25, 2018, 12:52:05 PM (8 months ago)
Author:
irl
Comment:

jar files are in dist/signed folder

Legend:

Unmodified
Added
Removed
Modified
  • org/teams/MetricsTeam/VerifyJavaReleases

    v3 v4  
    1818* verify gpg signature ([https://www.torproject.org/docs/verifying-signatures.html.en steps for verification])
    1919* unpack the tar.gz file, i.e. `tar xf <name>.tar.gz`
    20 * cd to <name>-<version>/generated/dist folder
     20* cd to <name>-<version>/generated/dist/signed folder
    2121* quick verification: `jarsigner -verify <name>-<version>.jar` (Unless you imported certs earlier it will warn that the cert chain was not validated. That's ok. More important are the signatures and manifest entries.)  For a more detailed explanation and guide see [https://docs.oracle.com/javase/8/docs/technotes/tools/index.html#security Oracle's Java Security Tools].
    2222