I just checked on KEYS file, it doesn't show sig part. I updated KEYS file on Apache https://dist.apache.org/repos/dist/release/hadoop/common/KEYS and made it be ultimately trusted.
pub rsa4096 2018-03-20 [SC] 4C899853CDDA4E40C60212B5B3FA653D57300D45 uid [ultimate] Wangda tan <wan...@apache.org> sig 3 B3FA653D57300D45 2018-03-20 Wangda tan <wan...@apache.org> sub rsa4096 2018-03-20 [E] sig B3FA653D57300D45 2018-03-20 Wangda tan <wan...@apache.org> But the error still remains same while closing repo, not sure how to get it resolved .. On Mon, Jan 21, 2019 at 9:14 AM Wangda Tan <wheele...@gmail.com> wrote: > Hi David, > > Thanks for helping check this, > > I can see signatures on my key: > > pub 4096R/57300D45 > <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 > Fingerprint=4C89 9853 CDDA 4E40 C602 12B5 B3FA 653D 5730 0D45 > uid Wangda tan <wan...@apache.org> > sig sig3 57300D45 > <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 > __________ __________ [selfsig] > <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45> > sig sig C36C5F0F > <http://pool.sks-keyservers.net:11371/key/0x255ADF56C36C5F0F> 2018-04-05 > __________ __________ Vinod Kumar Vavilapalli (I am also known as @tshooter.) > <vino...@apache.org> > <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x255ADF56C36C5F0F> > sig sig F9CBBD4C > <http://pool.sks-keyservers.net:11371/key/0x29ED86E6F9CBBD4C> 2018-11-08 > __________ __________ shikong <wudimengh...@gmail.com> > <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x29ED86E6F9CBBD4C> > sub 4096R/D0C16F12 2018-03-20 > sig sbind 57300D45 > <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 > __________ __________ [] > <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45> > > And gpg --edit-key also shows: > > gpg --edit-key 4C899853CDDA4E40C60212B5B3FA653D57300D45 > gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc. > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. > > Secret key is available. > > sec rsa4096/B3FA653D57300D45 > created: 2018-03-20 expires: never usage: SC > trust: unknown validity: unknown > ssb rsa4096/79CD893FD0C16F12 > created: 2018-03-20 expires: never usage: E > [ unknown] (1). Wangda tan <wan...@apache.org> > > Thanks, > Wangda > > On Mon, Jan 21, 2019 at 9:08 AM David Nalley <da...@gnsa.us> wrote: > >> I wonder if it's because there are no signatures on your key. >> >> --David >> >> On Mon, Jan 21, 2019 at 11:57 AM Wangda Tan <wheele...@gmail.com> wrote: >> > >> > Hi Brian, >> > >> > Here're links to my key: >> > >> > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45 >> > >> > http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45 >> > >> > On Apache SVN: >> https://dist.apache.org/repos/dist/release/hadoop/common/KEYS >> > >> > Thanks, >> > Wangda >> > >> > On Mon, Jan 21, 2019 at 6:51 AM Brian Demers <brian.dem...@gmail.com> >> wrote: >> >> >> >> Can you share the link to your key? >> >> >> >> -Brian >> >> >> >> On Jan 20, 2019, at 11:21 PM, Wangda Tan <wheele...@gmail.com> wrote: >> >> >> >> Still couldn't figure out without locating the log on the Nexus >> machine. With help from several committers and PMCs, we didn't see anything >> wrong with my signing key. >> >> >> >> I don't want to delay 3.1.2 more because of this. Is it allowed for me >> to publish artifacts (like tarball, source package, etc.) only and somebody >> else to push Maven bits to Nexus. I believe Apache bylaw should allow that >> because there're several releases have more than one release managers. If >> it is not allowed, please take over the RM role if you have the bandwidth, >> I think most works have been done except close the Nexus repo. >> >> >> >> Thanks, >> >> Wangda >> >> >> >> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan <wheele...@gmail.com> >> wrote: >> >>> >> >>> Spent several more hours trying to figure out the issue, still no >> luck. >> >>> >> >>> I just filed https://issues.sonatype.org/browse/OSSRH-45646, really >> appreciate if anybody could add some suggestions. >> >>> >> >>> Thanks, >> >>> Wangda >> >>> >> >>> On Tue, Jan 15, 2019 at 9:48 AM Wangda Tan <wheele...@gmail.com> >> wrote: >> >>>> >> >>>> It seems the problem still exists for me: >> >>>> >> >>>> Now the error message only contains: >> >>>> >> >>>> failureMessage Failed to validate the pgp signature of >> '/org/apache/hadoop/hadoop-client-check-invariants/3.1.2/hadoop-client-check-invariants-3.1.2.pom', >> check the logs. >> >>>> failureMessage Failed to validate the pgp signature of >> '/org/apache/hadoop/hadoop-resourceestimator/3.1.2/hadoop-resourceestimator-3.1.2-javadoc.jar', >> check the logs. >> >>>> >> >>>> If anybody has access the Nexus node, could you please help to check >> what is the failure message? >> >>>> >> >>>> Thanks, >> >>>> Wangda >> >>>> >> >>>> >> >>>> On Tue, Jan 15, 2019 at 9:56 AM Brian Fox <bri...@infinity.nu> >> wrote: >> >>>>> >> >>>>> Good to know. The pool has occasionally had sync issues, but we're >> talking 3 times in the last 8-9 years. >> >>>>> >> >>>>> On Tue, Jan 15, 2019 at 10:39 AM Elek, Marton <e...@apache.org> >> wrote: >> >>>>>> >> >>>>>> My key was pushed to the server with pgp about 1 year ago, and it >> worked >> >>>>>> well with the last Ratis release. So it should be synced between >> the key >> >>>>>> servers. >> >>>>>> >> >>>>>> But it seems that the INFRA solved the problem with shuffling the >> key >> >>>>>> server order (or it was an intermittent issue): see INFRA-17649 >> >>>>>> >> >>>>>> Seems to be working now... >> >>>>>> >> >>>>>> Marton >> >>>>>> >> >>>>>> >> >>>>>> On 1/15/19 5:19 AM, Wangda Tan wrote: >> >>>>>> > HI Brain, >> >>>>>> > Thanks for responding, could u share how to push to keys to >> Apache pgp pool? >> >>>>>> > >> >>>>>> > Best, >> >>>>>> > Wangda >> >>>>>> > >> >>>>>> > On Mon, Jan 14, 2019 at 10:44 AM Brian Fox <bri...@infinity.nu> >> wrote: >> >>>>>> > >> >>>>>> >> Did you push your key up to the pgp pool? That's what Nexus is >> validating >> >>>>>> >> against. It might take time to propagate if you just pushed it. >> >>>>>> >> >> >>>>>> >> On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton <e...@apache.org> >> wrote: >> >>>>>> >> >> >>>>>> >>> Seems to be an INFRA issue for me: >> >>>>>> >>> >> >>>>>> >>> 1. I downloaded a sample jar file [1] + the signature from the >> >>>>>> >>> repository and it was ok, locally I verified it. >> >>>>>> >>> >> >>>>>> >>> 2. I tested it with an other Apache project (Ratis) and my >> key. I got >> >>>>>> >>> the same problem even if it worked at last year during the >> 0.3.0 >> >>>>>> >>> release. (I used exactly the same command) >> >>>>>> >>> >> >>>>>> >>> I opened an infra ticket to check the logs of the Nexus as it >> was >> >>>>>> >>> suggested in the error message: >> >>>>>> >>> >> >>>>>> >>> https://issues.apache.org/jira/browse/INFRA-17649 >> >>>>>> >>> >> >>>>>> >>> Marton >> >>>>>> >>> >> >>>>>> >>> >> >>>>>> >>> [1]: >> >>>>>> >>> >> >>>>>> >>> >> https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar >> >>>>>> >>> >> >>>>>> >>> >> >>>>>> >>> On 1/13/19 6:27 AM, Wangda Tan wrote: >> >>>>>> >>>> Uploaded sample file and signature. >> >>>>>> >>>> >> >>>>>> >>>> >> >>>>>> >>>> >> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:18 PM Wangda Tan < >> wheele...@gmail.com >> >>>>>> >>>> <mailto:wheele...@gmail.com>> wrote: >> >>>>>> >>>> >> >>>>>> >>>> Actually, among the hundreds of failed messages, the "No >> public key" >> >>>>>> >>>> issues still occurred several times: >> >>>>>> >>>> >> >>>>>> >>>> failureMessage No public key: Key with id: >> (b3fa653d57300d45) >> >>>>>> >>>> was not able to be located on >> http://gpg-keyserver.de/. Upload >> >>>>>> >>>> your public key and try the operation again. >> >>>>>> >>>> failureMessage No public key: Key with id: >> (b3fa653d57300d45) >> >>>>>> >>>> was not able to be located on >> >>>>>> >>>> http://pool.sks-keyservers.net:11371. Upload your >> public key >> >>>>>> >>> and >> >>>>>> >>>> try the operation again. >> >>>>>> >>>> failureMessage No public key: Key with id: >> (b3fa653d57300d45) >> >>>>>> >>>> was not able to be located on >> http://pgp.mit.edu:11371. Upload >> >>>>>> >>>> your public key and try the operation again. >> >>>>>> >>>> >> >>>>>> >>>> Once the close operation returned, I will upload sample >> files which >> >>>>>> >>>> may help troubleshoot the issue. >> >>>>>> >>>> >> >>>>>> >>>> Thanks, >> >>>>>> >>>> >> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:04 PM Wangda Tan < >> wheele...@gmail.com >> >>>>>> >>>> <mailto:wheele...@gmail.com>> wrote: >> >>>>>> >>>> >> >>>>>> >>>> Thanks David for the quick response! >> >>>>>> >>>> >> >>>>>> >>>> I just retried, now the "No public key" issue is >> gone. However, >> >>>>>> >>>> the issue: >> >>>>>> >>>> >> >>>>>> >>>> failureMessage Failed to validate the pgp >> signature of >> >>>>>> >>>> >> >>>>>> >>> >> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-tests.jar', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> failureMessage Failed to validate the pgp >> signature of >> >>>>>> >>>> >> >>>>>> >>> >> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-test-sources.jar', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> failureMessage Failed to validate the pgp >> signature of >> >>>>>> >>>> >> >>>>>> >>> >> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2.pom', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> >> >>>>>> >>>> >> >>>>>> >>>> Still exists and repeated hundreds of times. Do you >> know how to >> >>>>>> >>>> access the logs mentioned by above log? >> >>>>>> >>>> >> >>>>>> >>>> Best, >> >>>>>> >>>> Wangda >> >>>>>> >>>> >> >>>>>> >>>> On Sat, Jan 12, 2019 at 8:37 PM David Nalley < >> da...@gnsa.us >> >>>>>> >>>> <mailto:da...@gnsa.us>> wrote: >> >>>>>> >>>> >> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:09 PM Wangda Tan >> >>>>>> >>>> <wheele...@gmail.com <mailto:wheele...@gmail.com>> >> wrote: >> >>>>>> >>>> > >> >>>>>> >>>> > Hi Devs, >> >>>>>> >>>> > >> >>>>>> >>>> > I'm currently rolling Hadoop 3.1.2 release >> candidate, >> >>>>>> >>>> however, I saw an issue when I try to close repo >> in Nexus. >> >>>>>> >>>> > >> >>>>>> >>>> > Logs of >> >>>>>> >>> https://repository.apache.org/#stagingRepositories >> >>>>>> >>>> (orgapachehadoop-1183) shows hundreds of lines of >> the >> >>>>>> >>>> following error: >> >>>>>> >>>> > >> >>>>>> >>>> > failureMessage No public key: Key with id: >> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on >> >>>>>> >>>> http://gpg-keyserver.de/. Upload your public key >> and try >> >>>>>> >>> the >> >>>>>> >>>> operation again. >> >>>>>> >>>> > failureMessage No public key: Key with id: >> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on >> >>>>>> >>>> http://pool.sks-keyservers.net:11371. Upload >> your public >> >>>>>> >>> key >> >>>>>> >>>> and try the operation again. >> >>>>>> >>>> > failureMessage No public key: Key with id: >> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on >> >>>>>> >>>> http://pgp.mit.edu:11371. Upload your public key >> and try >> >>>>>> >>> the >> >>>>>> >>>> operation again. >> >>>>>> >>>> > ... >> >>>>>> >>>> > failureMessage Failed to validate the pgp >> signature of >> >>>>>> >>>> >> >>>>>> >>> >> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-tests.jar', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> > failureMessage Failed to validate the pgp >> signature of >> >>>>>> >>>> >> >>>>>> >>> >> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-test-sources.jar', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> > failureMessage Failed to validate the pgp >> signature of >> >>>>>> >>>> >> >>>>>> >>> >> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-sources.jar', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> > >> >>>>>> >>>> > >> >>>>>> >>>> > This is the same key I used before (and >> finished two >> >>>>>> >>>> releases), the same environment I used before. >> >>>>>> >>>> > >> >>>>>> >>>> > I have tried more than 10 times in the last two >> days, no >> >>>>>> >>>> luck. And closing the repo takes almost one hour >> (Regular >> >>>>>> >>>> time is less than 1 min) and always fail at the >> last. >> >>>>>> >>>> > >> >>>>>> >>>> > I used following commands to validate key >> exists on key >> >>>>>> >>>> servers >> >>>>>> >>>> > >> >>>>>> >>>> > gpg --keyserver pgp.mit.edu <http://pgp.mit.edu >> > >> >>>>>> >>>> --recv-keys 57300D45 >> >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir >> >>>>>> >>>> '/Users/wtan/.gnupg' >> >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not >> checked due to >> >>>>>> >>>> a missing key >> >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan < >> wan...@apache.org >> >>>>>> >>>> <mailto:wan...@apache.org>>" not changed >> >>>>>> >>>> > gpg: Total number processed: 1 >> >>>>>> >>>> > gpg: unchanged: 1 >> >>>>>> >>>> > >> >>>>>> >>>> > gpg --keyserver pool.sks-keyservers.net >> >>>>>> >>>> <http://pool.sks-keyservers.net> --recv-keys >> >>>>>> >>> B3FA653D57300D45 >> >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir >> >>>>>> >>>> '/Users/wtan/.gnupg' >> >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not >> checked due to >> >>>>>> >>>> a missing key >> >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan < >> wan...@apache.org >> >>>>>> >>>> <mailto:wan...@apache.org>>" not changed >> >>>>>> >>>> > gpg: Total number processed: 1 >> >>>>>> >>>> > gpg: unchanged: 1 >> >>>>>> >>>> > >> >>>>>> >>>> >> >>>>>> >>>> Both of these report that your key was not found. >> >>>>>> >>>> I took the key from the KEYS file and uploaded it >> to both of >> >>>>>> >>>> those servers. >> >>>>>> >>>> >> >>>>>> >>>> You might try the release again and see if this >> resolves the >> >>>>>> >>>> issue. >> >>>>>> >>>> >> >>>>>> >>>> >> >>>>>> >>>> >> >>>>>> >>>> >> --------------------------------------------------------------------- >> >>>>>> >>>> To unsubscribe, e-mail: >> hdfs-dev-unsubscr...@hadoop.apache.org >> >>>>>> >>>> For additional commands, e-mail: >> hdfs-dev-h...@hadoop.apache.org >> >>>>>> >>>> >> >>>>>> >>> >> >>>>>> >> >> >>>>>> > >> >