Hi David, Thanks for helping check this,
I can see signatures on my key: pub 4096R/57300D45 <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 Fingerprint=4C89 9853 CDDA 4E40 C602 12B5 B3FA 653D 5730 0D45 uid Wangda tan <wan...@apache.org> sig sig3 57300D45 <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 __________ __________ [selfsig] <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45> sig sig C36C5F0F <http://pool.sks-keyservers.net:11371/key/0x255ADF56C36C5F0F> 2018-04-05 __________ __________ Vinod Kumar Vavilapalli (I am also known as @tshooter.) <vino...@apache.org> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x255ADF56C36C5F0F> sig sig F9CBBD4C <http://pool.sks-keyservers.net:11371/key/0x29ED86E6F9CBBD4C> 2018-11-08 __________ __________ shikong <wudimengh...@gmail.com> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x29ED86E6F9CBBD4C> sub 4096R/D0C16F12 2018-03-20 sig sbind 57300D45 <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 __________ __________ [] <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45> And gpg --edit-key also shows: gpg --edit-key 4C899853CDDA4E40C60212B5B3FA653D57300D45 gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. sec rsa4096/B3FA653D57300D45 created: 2018-03-20 expires: never usage: SC trust: unknown validity: unknown ssb rsa4096/79CD893FD0C16F12 created: 2018-03-20 expires: never usage: E [ unknown] (1). Wangda tan <wan...@apache.org> Thanks, Wangda On Mon, Jan 21, 2019 at 9:08 AM David Nalley <da...@gnsa.us> wrote: > I wonder if it's because there are no signatures on your key. > > --David > > On Mon, Jan 21, 2019 at 11:57 AM Wangda Tan <wheele...@gmail.com> wrote: > > > > Hi Brian, > > > > Here're links to my key: > > > > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45 > > > > http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45 > > > > On Apache SVN: > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS > > > > Thanks, > > Wangda > > > > On Mon, Jan 21, 2019 at 6:51 AM Brian Demers <brian.dem...@gmail.com> > wrote: > >> > >> Can you share the link to your key? > >> > >> -Brian > >> > >> On Jan 20, 2019, at 11:21 PM, Wangda Tan <wheele...@gmail.com> wrote: > >> > >> Still couldn't figure out without locating the log on the Nexus > machine. With help from several committers and PMCs, we didn't see anything > wrong with my signing key. > >> > >> I don't want to delay 3.1.2 more because of this. Is it allowed for me > to publish artifacts (like tarball, source package, etc.) only and somebody > else to push Maven bits to Nexus. I believe Apache bylaw should allow that > because there're several releases have more than one release managers. If > it is not allowed, please take over the RM role if you have the bandwidth, > I think most works have been done except close the Nexus repo. > >> > >> Thanks, > >> Wangda > >> > >> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan <wheele...@gmail.com> > wrote: > >>> > >>> Spent several more hours trying to figure out the issue, still no luck. > >>> > >>> I just filed https://issues.sonatype.org/browse/OSSRH-45646, really > appreciate if anybody could add some suggestions. > >>> > >>> Thanks, > >>> Wangda > >>> > >>> On Tue, Jan 15, 2019 at 9:48 AM Wangda Tan <wheele...@gmail.com> > wrote: > >>>> > >>>> It seems the problem still exists for me: > >>>> > >>>> Now the error message only contains: > >>>> > >>>> failureMessage Failed to validate the pgp signature of > '/org/apache/hadoop/hadoop-client-check-invariants/3.1.2/hadoop-client-check-invariants-3.1.2.pom', > check the logs. > >>>> failureMessage Failed to validate the pgp signature of > '/org/apache/hadoop/hadoop-resourceestimator/3.1.2/hadoop-resourceestimator-3.1.2-javadoc.jar', > check the logs. > >>>> > >>>> If anybody has access the Nexus node, could you please help to check > what is the failure message? > >>>> > >>>> Thanks, > >>>> Wangda > >>>> > >>>> > >>>> On Tue, Jan 15, 2019 at 9:56 AM Brian Fox <bri...@infinity.nu> wrote: > >>>>> > >>>>> Good to know. The pool has occasionally had sync issues, but we're > talking 3 times in the last 8-9 years. > >>>>> > >>>>> On Tue, Jan 15, 2019 at 10:39 AM Elek, Marton <e...@apache.org> > wrote: > >>>>>> > >>>>>> My key was pushed to the server with pgp about 1 year ago, and it > worked > >>>>>> well with the last Ratis release. So it should be synced between > the key > >>>>>> servers. > >>>>>> > >>>>>> But it seems that the INFRA solved the problem with shuffling the > key > >>>>>> server order (or it was an intermittent issue): see INFRA-17649 > >>>>>> > >>>>>> Seems to be working now... > >>>>>> > >>>>>> Marton > >>>>>> > >>>>>> > >>>>>> On 1/15/19 5:19 AM, Wangda Tan wrote: > >>>>>> > HI Brain, > >>>>>> > Thanks for responding, could u share how to push to keys to > Apache pgp pool? > >>>>>> > > >>>>>> > Best, > >>>>>> > Wangda > >>>>>> > > >>>>>> > On Mon, Jan 14, 2019 at 10:44 AM Brian Fox <bri...@infinity.nu> > wrote: > >>>>>> > > >>>>>> >> Did you push your key up to the pgp pool? That's what Nexus is > validating > >>>>>> >> against. It might take time to propagate if you just pushed it. > >>>>>> >> > >>>>>> >> On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton <e...@apache.org> > wrote: > >>>>>> >> > >>>>>> >>> Seems to be an INFRA issue for me: > >>>>>> >>> > >>>>>> >>> 1. I downloaded a sample jar file [1] + the signature from the > >>>>>> >>> repository and it was ok, locally I verified it. > >>>>>> >>> > >>>>>> >>> 2. I tested it with an other Apache project (Ratis) and my key. > I got > >>>>>> >>> the same problem even if it worked at last year during the 0.3.0 > >>>>>> >>> release. (I used exactly the same command) > >>>>>> >>> > >>>>>> >>> I opened an infra ticket to check the logs of the Nexus as it > was > >>>>>> >>> suggested in the error message: > >>>>>> >>> > >>>>>> >>> https://issues.apache.org/jira/browse/INFRA-17649 > >>>>>> >>> > >>>>>> >>> Marton > >>>>>> >>> > >>>>>> >>> > >>>>>> >>> [1]: > >>>>>> >>> > >>>>>> >>> > https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar > >>>>>> >>> > >>>>>> >>> > >>>>>> >>> On 1/13/19 6:27 AM, Wangda Tan wrote: > >>>>>> >>>> Uploaded sample file and signature. > >>>>>> >>>> > >>>>>> >>>> > >>>>>> >>>> > >>>>>> >>>> On Sat, Jan 12, 2019 at 9:18 PM Wangda Tan < > wheele...@gmail.com > >>>>>> >>>> <mailto:wheele...@gmail.com>> wrote: > >>>>>> >>>> > >>>>>> >>>> Actually, among the hundreds of failed messages, the "No > public key" > >>>>>> >>>> issues still occurred several times: > >>>>>> >>>> > >>>>>> >>>> failureMessage No public key: Key with id: > (b3fa653d57300d45) > >>>>>> >>>> was not able to be located on http://gpg-keyserver.de/. > Upload > >>>>>> >>>> your public key and try the operation again. > >>>>>> >>>> failureMessage No public key: Key with id: > (b3fa653d57300d45) > >>>>>> >>>> was not able to be located on > >>>>>> >>>> http://pool.sks-keyservers.net:11371. Upload your > public key > >>>>>> >>> and > >>>>>> >>>> try the operation again. > >>>>>> >>>> failureMessage No public key: Key with id: > (b3fa653d57300d45) > >>>>>> >>>> was not able to be located on http://pgp.mit.edu:11371. > Upload > >>>>>> >>>> your public key and try the operation again. > >>>>>> >>>> > >>>>>> >>>> Once the close operation returned, I will upload sample > files which > >>>>>> >>>> may help troubleshoot the issue. > >>>>>> >>>> > >>>>>> >>>> Thanks, > >>>>>> >>>> > >>>>>> >>>> On Sat, Jan 12, 2019 at 9:04 PM Wangda Tan < > wheele...@gmail.com > >>>>>> >>>> <mailto:wheele...@gmail.com>> wrote: > >>>>>> >>>> > >>>>>> >>>> Thanks David for the quick response! > >>>>>> >>>> > >>>>>> >>>> I just retried, now the "No public key" issue is gone. > However, > >>>>>> >>>> the issue: > >>>>>> >>>> > >>>>>> >>>> failureMessage Failed to validate the pgp > signature of > >>>>>> >>>> > >>>>>> >>> > '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-tests.jar', > >>>>>> >>>> check the logs. > >>>>>> >>>> failureMessage Failed to validate the pgp > signature of > >>>>>> >>>> > >>>>>> >>> > '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-test-sources.jar', > >>>>>> >>>> check the logs. > >>>>>> >>>> failureMessage Failed to validate the pgp > signature of > >>>>>> >>>> > >>>>>> >>> > '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2.pom', > >>>>>> >>>> check the logs. > >>>>>> >>>> > >>>>>> >>>> > >>>>>> >>>> Still exists and repeated hundreds of times. Do you > know how to > >>>>>> >>>> access the logs mentioned by above log? > >>>>>> >>>> > >>>>>> >>>> Best, > >>>>>> >>>> Wangda > >>>>>> >>>> > >>>>>> >>>> On Sat, Jan 12, 2019 at 8:37 PM David Nalley < > da...@gnsa.us > >>>>>> >>>> <mailto:da...@gnsa.us>> wrote: > >>>>>> >>>> > >>>>>> >>>> On Sat, Jan 12, 2019 at 9:09 PM Wangda Tan > >>>>>> >>>> <wheele...@gmail.com <mailto:wheele...@gmail.com>> > wrote: > >>>>>> >>>> > > >>>>>> >>>> > Hi Devs, > >>>>>> >>>> > > >>>>>> >>>> > I'm currently rolling Hadoop 3.1.2 release > candidate, > >>>>>> >>>> however, I saw an issue when I try to close repo > in Nexus. > >>>>>> >>>> > > >>>>>> >>>> > Logs of > >>>>>> >>> https://repository.apache.org/#stagingRepositories > >>>>>> >>>> (orgapachehadoop-1183) shows hundreds of lines of > the > >>>>>> >>>> following error: > >>>>>> >>>> > > >>>>>> >>>> > failureMessage No public key: Key with id: > >>>>>> >>>> (b3fa653d57300d45) was not able to be located on > >>>>>> >>>> http://gpg-keyserver.de/. Upload your public key > and try > >>>>>> >>> the > >>>>>> >>>> operation again. > >>>>>> >>>> > failureMessage No public key: Key with id: > >>>>>> >>>> (b3fa653d57300d45) was not able to be located on > >>>>>> >>>> http://pool.sks-keyservers.net:11371. Upload your > public > >>>>>> >>> key > >>>>>> >>>> and try the operation again. > >>>>>> >>>> > failureMessage No public key: Key with id: > >>>>>> >>>> (b3fa653d57300d45) was not able to be located on > >>>>>> >>>> http://pgp.mit.edu:11371. Upload your public key > and try > >>>>>> >>> the > >>>>>> >>>> operation again. > >>>>>> >>>> > ... > >>>>>> >>>> > failureMessage Failed to validate the pgp > signature of > >>>>>> >>>> > >>>>>> >>> > '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-tests.jar', > >>>>>> >>>> check the logs. > >>>>>> >>>> > failureMessage Failed to validate the pgp > signature of > >>>>>> >>>> > >>>>>> >>> > '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-test-sources.jar', > >>>>>> >>>> check the logs. > >>>>>> >>>> > failureMessage Failed to validate the pgp > signature of > >>>>>> >>>> > >>>>>> >>> > '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-sources.jar', > >>>>>> >>>> check the logs. > >>>>>> >>>> > > >>>>>> >>>> > > >>>>>> >>>> > This is the same key I used before (and finished > two > >>>>>> >>>> releases), the same environment I used before. > >>>>>> >>>> > > >>>>>> >>>> > I have tried more than 10 times in the last two > days, no > >>>>>> >>>> luck. And closing the repo takes almost one hour > (Regular > >>>>>> >>>> time is less than 1 min) and always fail at the > last. > >>>>>> >>>> > > >>>>>> >>>> > I used following commands to validate key exists > on key > >>>>>> >>>> servers > >>>>>> >>>> > > >>>>>> >>>> > gpg --keyserver pgp.mit.edu <http://pgp.mit.edu> > >>>>>> >>>> --recv-keys 57300D45 > >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir > >>>>>> >>>> '/Users/wtan/.gnupg' > >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not > checked due to > >>>>>> >>>> a missing key > >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan < > wan...@apache.org > >>>>>> >>>> <mailto:wan...@apache.org>>" not changed > >>>>>> >>>> > gpg: Total number processed: 1 > >>>>>> >>>> > gpg: unchanged: 1 > >>>>>> >>>> > > >>>>>> >>>> > gpg --keyserver pool.sks-keyservers.net > >>>>>> >>>> <http://pool.sks-keyservers.net> --recv-keys > >>>>>> >>> B3FA653D57300D45 > >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir > >>>>>> >>>> '/Users/wtan/.gnupg' > >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not > checked due to > >>>>>> >>>> a missing key > >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan < > wan...@apache.org > >>>>>> >>>> <mailto:wan...@apache.org>>" not changed > >>>>>> >>>> > gpg: Total number processed: 1 > >>>>>> >>>> > gpg: unchanged: 1 > >>>>>> >>>> > > >>>>>> >>>> > >>>>>> >>>> Both of these report that your key was not found. > >>>>>> >>>> I took the key from the KEYS file and uploaded it > to both of > >>>>>> >>>> those servers. > >>>>>> >>>> > >>>>>> >>>> You might try the release again and see if this > resolves the > >>>>>> >>>> issue. > >>>>>> >>>> > >>>>>> >>>> > >>>>>> >>>> > >>>>>> >>>> > --------------------------------------------------------------------- > >>>>>> >>>> To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org > >>>>>> >>>> For additional commands, e-mail: > hdfs-dev-h...@hadoop.apache.org > >>>>>> >>>> > >>>>>> >>> > >>>>>> >> > >>>>>> > >