Apache OpenOffice Source Release

This page provides absic informaiton how to prepare, sign and verify source releases. The apache.openoffice-<version>-r<revision>-src.[zip|tar.gz|tar.bz2] files were created with a new ant script file (solven/bin/srcrelease.xml) that can be triggered in instsetoo_native/util as a new target "aoo_srcrelease".

Available files

AOO keys file

You can use the OpenOffice committers keys file ooo.asc. Or alternatively the local key file aoo.KEYS that I have created intially. Ok, this files contains currently only my new created key that is not well known so far, but at least send to the default public key server of gpg.

ooo.asc
aoo.KEYS

AOO src release files

The latest source release files can be found on develoepr snapshot page (https://cwiki.apache.org/confluence/display/OOOUSERS/Development+Snapshot+Builds#DevelopmentSnapshotBuilds-AOOSnapshotsrcrelease)

How you verify the files

Here a short example how you can veryfy the files and play around with it

The PGP signatures can be verified using PGP or GPG. You should first downlaod the key file ooo.asc and the ASC(PGP) signature file for the particular src release file (in this case the tar.gz). You can verify the signatures using


% pgpk -a ooo.asc
% pgpv apache-openoffice-4.0.0-r1502185-src.tar.gz.asc
or
% pgp -ka ooo.asc
% pgp apache-openoffice-4.0.0-r1502185-src.tar.gz.asc
or
% gpg --import ooo.asc
% gpg --verify apache-openoffice-4.0.0-r1502185-src.tar.gz.asc

Alternatively, you can verify the checksums on the files. Unix programs called md5/sha256 or md5sum/sha256sum are included in many unix distributions. *sum is also available as part of GNU Textutils.