2008-03-09 Complication

* Give the Jetty build file ability to ask permission
      before downloading the Jetty archive from the web,
      and to verify its SHA1 + MD5 hashes. Adjust the main build file
      in accordance with this change.
    * Improve the release checklist.

checklist.txt

@@ -4,6 +4,7 @@ Release checklist
 Sync with mtn.i2p2.i2p
 Start with a clean checkout mtn -d i2p.mtn co --branch=i2p.i2p
 Double-check trust list
+Deploy the Jetty archive, a clean checkout lacks it
 
 Change revision in:
 	history.txt
@@ -16,7 +17,7 @@ Change revision in:
 Build and tag:
 	ant dist
 	mtn ci
-	mtn tag i2p-0.6.1.xx h:
+	mtn tag h: i2p-0.6.1.xx
 	Sync with mtn.i2p2.i2p
 
 Create a signed update file with:
@@ -33,12 +34,23 @@ Make the source tarball:
 	tar cjf i2psource-0.6.1.xx.tar.bz2 --exclude i2p-0.6.1.xx/_MTN i2p-0.6.1.xx	
 	mv i2p-0.6.1.xx.tar.bz2 i2p.i2p
 
-More signatures:
-	sha1sum i2pinstall.exe i2p.tar.bz2 i2psource-0.6.1.xx.tar.bz2 i2pupdate.zip
-	gpg -b i2pinstall.exe
-	gpg -b i2p.tar.bz2
-	gpg -b i2p-0.6.1.xx.tar.bz2
-	gpg -b i2pupdate.zip
+Until the build script gets this ability, you need to rename some files:
+	mv i2pinstall.exe i2pinstall-0.6.1.xx.exe
+	mv i2p.tar.bz2 i2pheadless-0.6.1.xx.tar.bz2
+	mv i2pupdate.zip i2pupdate-0.6.1.xx.zip
+	you probably don't need to rename i2pupdate.sud
+
+Generate hashes:
+	sha1sum i2p*0.6.1.xx.*
+	sha1sum i2pupdate.sud
+	now GPG-sign an announcement with the hashes
+
+Generate PGP signatures:
+	gpg -b i2pinstall-0.6.1.xx.exe
+	gpg -b i2pheadless-0.6.1.xx.tar.bz2
+	gpg -b i2psource-0.6.1.xx.tar.bz2
+	gpg -b i2pupdate-0.6.1.xx.zip
+	gpg -b i2pupdate.sud
 
 Distribute files to download locations and to www.i2p2.i2p