This is an automated email from the ASF dual-hosted git repository.
djwang pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudberry.git
The following commit(s) were added to refs/heads/main by this push:
new e304d3eb67b Fix GPG verify path for staged release artifacts
e304d3eb67b is described below
commit e304d3eb67b50f512f1c4d0281c0f8169aec72a5
Author: Dianjin Wang <[email protected]>
AuthorDate: Thu Feb 26 18:16:22 2026 +0800
Fix GPG verify path for staged release artifacts

Use absolute artifact paths in the GPG verification step of
devops/release/cloudberry-release.sh.

Previously, the script verified SHA-512 using an absolute path but
called `gpg --verify` with relative file names. When running with
`--repo` from a different working directory, this could fail with
"No such file or directory" even though the `.asc` file existed in
the artifacts directory.

This change aligns the GPG verify command with the SHA-512 check by
verifying:
    $ARTIFACTS_DIR/${TAR_NAME}.asc
against:
    $ARTIFACTS_DIR/$TAR_NAME

No behavior change for successful local runs besides making path
resolution robust.
---
devops/release/cloudberry-release.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/devops/release/cloudberry-release.sh
b/devops/release/cloudberry-release.sh
index 641d435f26a..fbde88b87c8 100755
--- a/devops/release/cloudberry-release.sh
+++ b/devops/release/cloudberry-release.sh
@@ -677,7 +677,7 @@ section "Staging release: $TAG"
section "Verifying GPG Signature ($ARTIFACTS_DIR/${TAR_NAME}.asc) Release
Artifact"
if [[ "$SKIP_SIGNING" != true ]]; then
- gpg --verify "${TAR_NAME}.asc" "$TAR_NAME"
+ gpg --verify "$ARTIFACTS_DIR/${TAR_NAME}.asc" "$ARTIFACTS_DIR/$TAR_NAME"
else
echo "INFO: Signature verification skipped (--skip-signing). Signature is
only available when generated via this script."
fi
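Review bot: the new `gpg --verify "$ARTIFACTS_DIR/${TAR_NAME}.asc" "$ARTIFACTS_DIR/$TAR_NAME"` line still accepts the result on exit status alone, and gpg exits 0 for a good signature made by any public key in the local keyring, so nothing visible in this hunk ties the staged tarball to the expected release signing key. Consider running the verify with `--status-fd 1` and comparing the fingerprint on the `VALIDSIG` status line against the intended key, and failing explicitly (for example `|| exit 1` with an error message) instead of depending on shell options set outside this hunk. The `else` branch also lets staging continue with only an `INFO:` line when `SKIP_SIGNING` is true; a more prominent warning there would make an unsigned staging run harder to miss in the log.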