I just checked on KEYS file, it doesn't show sig part. I updated KEYS file
on Apache https://dist.apache.org/repos/dist/release/hadoop/common/KEYS and
made it be ultimately trusted.
pub rsa4096 2018-03-20 [SC]
4C899853CDDA4E40C60212B5B3FA653D57300D45
uid [ultimate] Wangda tan <wan...@apache.org>
sig 3 B3FA653D57300D45 2018-03-20 Wangda tan <wan...@apache.org>
sub rsa4096 2018-03-20 [E]
sig B3FA653D57300D45 2018-03-20 Wangda tan <wan...@apache.org>
But the error still remains same while closing repo, not sure how to
get it resolved ..
On Mon, Jan 21, 2019 at 9:14 AM Wangda Tan <wheele...@gmail.com> wrote:
> Hi David,
>
> Thanks for helping check this,
>
> I can see signatures on my key:
>
> pub 4096R/57300D45
> <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20
> Fingerprint=4C89 9853 CDDA 4E40 C602 12B5 B3FA 653D 5730 0D45
> uid Wangda tan <wan...@apache.org>
> sig sig3 57300D45
> <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20
> __________ __________ [selfsig]
> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45>
> sig sig C36C5F0F
> <http://pool.sks-keyservers.net:11371/key/0x255ADF56C36C5F0F> 2018-04-05
> __________ __________ Vinod Kumar Vavilapalli (I am also known as @tshooter.)
> <vino...@apache.org>
> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x255ADF56C36C5F0F>
> sig sig F9CBBD4C
> <http://pool.sks-keyservers.net:11371/key/0x29ED86E6F9CBBD4C> 2018-11-08
> __________ __________ shikong <wudimengh...@gmail.com>
> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x29ED86E6F9CBBD4C>
> sub 4096R/D0C16F12 2018-03-20
> sig sbind 57300D45
> <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20
> __________ __________ []
> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45>
>
> And gpg --edit-key also shows:
>
> gpg --edit-key 4C899853CDDA4E40C60212B5B3FA653D57300D45
> gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Secret key is available.
>
> sec rsa4096/B3FA653D57300D45
> created: 2018-03-20 expires: never usage: SC
> trust: unknown validity: unknown
> ssb rsa4096/79CD893FD0C16F12
> created: 2018-03-20 expires: never usage: E
> [ unknown] (1). Wangda tan <wan...@apache.org>
>
> Thanks,
> Wangda
>
> On Mon, Jan 21, 2019 at 9:08 AM David Nalley <da...@gnsa.us> wrote:
>
>> I wonder if it's because there are no signatures on your key.
>>
>> --David
>>
>> On Mon, Jan 21, 2019 at 11:57 AM Wangda Tan <wheele...@gmail.com> wrote:
>> >
>> > Hi Brian,
>> >
>> > Here're links to my key:
>> >
>> > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45
>> >
>> > http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45
>> >
>> > On Apache SVN:
>> https://dist.apache.org/repos/dist/release/hadoop/common/KEYS
>> >
>> > Thanks,
>> > Wangda
>> >
>> > On Mon, Jan 21, 2019 at 6:51 AM Brian Demers <brian.dem...@gmail.com>
>> wrote:
>> >>
>> >> Can you share the link to your key?
>> >>
>> >> -Brian
>> >>
>> >> On Jan 20, 2019, at 11:21 PM, Wangda Tan <wheele...@gmail.com> wrote:
>> >>
>> >> Still couldn't figure out without locating the log on the Nexus
>> machine. With help from several committers and PMCs, we didn't see anything
>> wrong with my signing key.
>> >>
>> >> I don't want to delay 3.1.2 more because of this. Is it allowed for me
>> to publish artifacts (like tarball, source package, etc.) only and somebody
>> else to push Maven bits to Nexus. I believe Apache bylaw should allow that
>> because there're several releases have more than one release managers. If
>> it is not allowed, please take over the RM role if you have the bandwidth,
>> I think most works have been done except close the Nexus repo.
>> >>
>> >> Thanks,
>> >> Wangda
>> >>
>> >> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan <wheele...@gmail.com>
>> wrote:
>> >>>
>> >>> Spent several more hours trying to figure out the issue, still no
>> luck.
>> >>>
>> >>> I just filed https://issues.sonatype.org/browse/OSSRH-45646, really
>> appreciate if anybody could add some suggestions.
>> >>>
>> >>> Thanks,
>> >>> Wangda
>> >>>
>> >>> On Tue, Jan 15, 2019 at 9:48 AM Wangda Tan <wheele...@gmail.com>
>> wrote:
>> >>>>
>> >>>> It seems the problem still exists for me:
>> >>>>
>> >>>> Now the error message only contains:
>> >>>>
>> >>>> failureMessage Failed to validate the pgp signature of
>> '/org/apache/hadoop/hadoop-client-check-invariants/3.1.2/hadoop-client-check-invariants-3.1.2.pom',
>> check the logs.
>> >>>> failureMessage Failed to validate the pgp signature of
>> '/org/apache/hadoop/hadoop-resourceestimator/3.1.2/hadoop-resourceestimator-3.1.2-javadoc.jar',
>> check the logs.
>> >>>>
>> >>>> If anybody has access the Nexus node, could you please help to check
>> what is the failure message?
>> >>>>
>> >>>> Thanks,
>> >>>> Wangda
>> >>>>
>> >>>>
>> >>>> On Tue, Jan 15, 2019 at 9:56 AM Brian Fox <bri...@infinity.nu>
>> wrote:
>> >>>>>
>> >>>>> Good to know. The pool has occasionally had sync issues, but we're
>> talking 3 times in the last 8-9 years.
>> >>>>>
>> >>>>> On Tue, Jan 15, 2019 at 10:39 AM Elek, Marton <e...@apache.org>
>> wrote:
>> >>>>>>
>> >>>>>> My key was pushed to the server with pgp about 1 year ago, and it
>> worked
>> >>>>>> well with the last Ratis release. So it should be synced between
>> the key
>> >>>>>> servers.
>> >>>>>>
>> >>>>>> But it seems that the INFRA solved the problem with shuffling the
>> key
>> >>>>>> server order (or it was an intermittent issue): see INFRA-17649
>> >>>>>>
>> >>>>>> Seems to be working now...
>> >>>>>>
>> >>>>>> Marton
>> >>>>>>
>> >>>>>>
>> >>>>>> On 1/15/19 5:19 AM, Wangda Tan wrote:
>> >>>>>> > HI Brain,
>> >>>>>> > Thanks for responding, could u share how to push to keys to
>> Apache pgp pool?
>> >>>>>> >
>> >>>>>> > Best,
>> >>>>>> > Wangda
>> >>>>>> >
>> >>>>>> > On Mon, Jan 14, 2019 at 10:44 AM Brian Fox <bri...@infinity.nu>
>> wrote:
>> >>>>>> >
>> >>>>>> >> Did you push your key up to the pgp pool? That's what Nexus is
>> validating
>> >>>>>> >> against. It might take time to propagate if you just pushed it.
>> >>>>>> >>
>> >>>>>> >> On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton <e...@apache.org>
>> wrote:
>> >>>>>> >>
>> >>>>>> >>> Seems to be an INFRA issue for me:
>> >>>>>> >>>
>> >>>>>> >>> 1. I downloaded a sample jar file [1] + the signature from the
>> >>>>>> >>> repository and it was ok, locally I verified it.
>> >>>>>> >>>
>> >>>>>> >>> 2. I tested it with an other Apache project (Ratis) and my
>> key. I got
>> >>>>>> >>> the same problem even if it worked at last year during the
>> 0.3.0
>> >>>>>> >>> release. (I used exactly the same command)
>> >>>>>> >>>
>> >>>>>> >>> I opened an infra ticket to check the logs of the Nexus as it
>> was
>> >>>>>> >>> suggested in the error message:
>> >>>>>> >>>
>> >>>>>> >>> https://issues.apache.org/jira/browse/INFRA-17649
>> >>>>>> >>>
>> >>>>>> >>> Marton
>> >>>>>> >>>
>> >>>>>> >>>
>> >>>>>> >>> [1]:
>> >>>>>> >>>
>> >>>>>> >>>
>> https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar
>> >>>>>> >>>
>> >>>>>> >>>
>> >>>>>> >>> On 1/13/19 6:27 AM, Wangda Tan wrote:
>> >>>>>> >>>> Uploaded sample file and signature.
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:18 PM Wangda Tan <
>> wheele...@gmail.com
>> >>>>>> >>>> <mailto:wheele...@gmail.com>> wrote:
>> >>>>>> >>>>
>> >>>>>> >>>> Actually, among the hundreds of failed messages, the "No
>> public key"
>> >>>>>> >>>> issues still occurred several times:
>> >>>>>> >>>>
>> >>>>>> >>>> failureMessage No public key: Key with id:
>> (b3fa653d57300d45)
>> >>>>>> >>>> was not able to be located on
>> http://gpg-keyserver.de/. Upload
>> >>>>>> >>>> your public key and try the operation again.
>> >>>>>> >>>> failureMessage No public key: Key with id:
>> (b3fa653d57300d45)
>> >>>>>> >>>> was not able to be located on
>> >>>>>> >>>> http://pool.sks-keyservers.net:11371. Upload your
>> public key
>> >>>>>> >>> and
>> >>>>>> >>>> try the operation again.
>> >>>>>> >>>> failureMessage No public key: Key with id:
>> (b3fa653d57300d45)
>> >>>>>> >>>> was not able to be located on
>> http://pgp.mit.edu:11371. Upload
>> >>>>>> >>>> your public key and try the operation again.
>> >>>>>> >>>>
>> >>>>>> >>>> Once the close operation returned, I will upload sample
>> files which
>> >>>>>> >>>> may help troubleshoot the issue.
>> >>>>>> >>>>
>> >>>>>> >>>> Thanks,
>> >>>>>> >>>>
>> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:04 PM Wangda Tan <
>> wheele...@gmail.com
>> >>>>>> >>>> <mailto:wheele...@gmail.com>> wrote:
>> >>>>>> >>>>
>> >>>>>> >>>> Thanks David for the quick response!
>> >>>>>> >>>>
>> >>>>>> >>>> I just retried, now the "No public key" issue is
>> gone. However,
>> >>>>>> >>>> the issue:
>> >>>>>> >>>>
>> >>>>>> >>>> failureMessage Failed to validate the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-tests.jar',
>> >>>>>> >>>> check the logs.
>> >>>>>> >>>> failureMessage Failed to validate the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-test-sources.jar',
>> >>>>>> >>>> check the logs.
>> >>>>>> >>>> failureMessage Failed to validate the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2.pom',
>> >>>>>> >>>> check the logs.
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>> Still exists and repeated hundreds of times. Do you
>> know how to
>> >>>>>> >>>> access the logs mentioned by above log?
>> >>>>>> >>>>
>> >>>>>> >>>> Best,
>> >>>>>> >>>> Wangda
>> >>>>>> >>>>
>> >>>>>> >>>> On Sat, Jan 12, 2019 at 8:37 PM David Nalley <
>> da...@gnsa.us
>> >>>>>> >>>> <mailto:da...@gnsa.us>> wrote:
>> >>>>>> >>>>
>> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:09 PM Wangda Tan
>> >>>>>> >>>> <wheele...@gmail.com <mailto:wheele...@gmail.com>>
>> wrote:
>> >>>>>> >>>> >
>> >>>>>> >>>> > Hi Devs,
>> >>>>>> >>>> >
>> >>>>>> >>>> > I'm currently rolling Hadoop 3.1.2 release
>> candidate,
>> >>>>>> >>>> however, I saw an issue when I try to close repo
>> in Nexus.
>> >>>>>> >>>> >
>> >>>>>> >>>> > Logs of
>> >>>>>> >>> https://repository.apache.org/#stagingRepositories
>> >>>>>> >>>> (orgapachehadoop-1183) shows hundreds of lines of
>> the
>> >>>>>> >>>> following error:
>> >>>>>> >>>> >
>> >>>>>> >>>> > failureMessage No public key: Key with id:
>> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on
>> >>>>>> >>>> http://gpg-keyserver.de/. Upload your public key
>> and try
>> >>>>>> >>> the
>> >>>>>> >>>> operation again.
>> >>>>>> >>>> > failureMessage No public key: Key with id:
>> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on
>> >>>>>> >>>> http://pool.sks-keyservers.net:11371. Upload
>> your public
>> >>>>>> >>> key
>> >>>>>> >>>> and try the operation again.
>> >>>>>> >>>> > failureMessage No public key: Key with id:
>> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on
>> >>>>>> >>>> http://pgp.mit.edu:11371. Upload your public key
>> and try
>> >>>>>> >>> the
>> >>>>>> >>>> operation again.
>> >>>>>> >>>> > ...
>> >>>>>> >>>> > failureMessage Failed to validate the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-tests.jar',
>> >>>>>> >>>> check the logs.
>> >>>>>> >>>> > failureMessage Failed to validate the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-test-sources.jar',
>> >>>>>> >>>> check the logs.
>> >>>>>> >>>> > failureMessage Failed to validate the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-sources.jar',
>> >>>>>> >>>> check the logs.
>> >>>>>> >>>> >
>> >>>>>> >>>> >
>> >>>>>> >>>> > This is the same key I used before (and
>> finished two
>> >>>>>> >>>> releases), the same environment I used before.
>> >>>>>> >>>> >
>> >>>>>> >>>> > I have tried more than 10 times in the last two
>> days, no
>> >>>>>> >>>> luck. And closing the repo takes almost one hour
>> (Regular
>> >>>>>> >>>> time is less than 1 min) and always fail at the
>> last.
>> >>>>>> >>>> >
>> >>>>>> >>>> > I used following commands to validate key
>> exists on key
>> >>>>>> >>>> servers
>> >>>>>> >>>> >
>> >>>>>> >>>> > gpg --keyserver pgp.mit.edu <http://pgp.mit.edu
>> >
>> >>>>>> >>>> --recv-keys 57300D45
>> >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir
>> >>>>>> >>>> '/Users/wtan/.gnupg'
>> >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not
>> checked due to
>> >>>>>> >>>> a missing key
>> >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan <
>> wan...@apache.org
>> >>>>>> >>>> <mailto:wan...@apache.org>>" not changed
>> >>>>>> >>>> > gpg: Total number processed: 1
>> >>>>>> >>>> > gpg: unchanged: 1
>> >>>>>> >>>> >
>> >>>>>> >>>> > gpg --keyserver pool.sks-keyservers.net
>> >>>>>> >>>> <http://pool.sks-keyservers.net> --recv-keys
>> >>>>>> >>> B3FA653D57300D45
>> >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir
>> >>>>>> >>>> '/Users/wtan/.gnupg'
>> >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not
>> checked due to
>> >>>>>> >>>> a missing key
>> >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan <
>> wan...@apache.org
>> >>>>>> >>>> <mailto:wan...@apache.org>>" not changed
>> >>>>>> >>>> > gpg: Total number processed: 1
>> >>>>>> >>>> > gpg: unchanged: 1
>> >>>>>> >>>> >
>> >>>>>> >>>>
>> >>>>>> >>>> Both of these report that your key was not found.
>> >>>>>> >>>> I took the key from the KEYS file and uploaded it
>> to both of
>> >>>>>> >>>> those servers.
>> >>>>>> >>>>
>> >>>>>> >>>> You might try the release again and see if this
>> resolves the
>> >>>>>> >>>> issue.
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>>
>> ---------------------------------------------------------------------
>> >>>>>> >>>> To unsubscribe, e-mail:
>> hdfs-dev-unsubscr...@hadoop.apache.org
>> >>>>>> >>>> For additional commands, e-mail:
>> hdfs-dev-h...@hadoop.apache.org
>> >>>>>> >>>>
>> >>>>>> >>>
>> >>>>>> >>
>> >>>>>> >
>>
>
