Sid, I followed the below steps to verify signature. I'm running on Mac OS Monterey.
wget https://dist.apache.org/repos/dist/dev/atlas/KEYS > gpg --import KEYS > gpg --verify apache-atlas-2.3.0-sources.tar.gz.asc > apache-atlas-2.3.0-sources.tar.gz > Thanks, Sarath On Wed, Nov 30, 2022 at 11:50 PM Sidharth Mishra <sidmis...@apache.org> wrote: > Thank you Madhan for the release candidate. > > Validated the following and faced some issues as mentioned below: > > - Able to download source, signature, md5 and sha512 files and verify > the checksum hash > - I am not able to verify the signature of the source. Steps I followed: > curl -O https://downloads.apache.org/atlas/KEYS > gpg --import KEYS > gpg --list-sigs madhan # Gives the correct output > pub rsa4096 2020-06-10 [SC] [expires: 2024-06-09] > 1B6007E9CDEC4913DFB5031B630E02BA8823016D > uid [ unknown] Madhan Neethiraj < > mad...@apache.org> > sig 3 630E02BA8823016D 2020-06-10 > Madhan Neethiraj <mad...@apache.org> > sub rsa4096 2020-06-10 [E] [expires: 2024-06-09] > sig 630E02BA8823016D 2020-06-10 Madhan > Neethiraj <mad...@apache.org> > > pub rsa2048 2014-11-10 [SC] [expired: 2018-11-10] > 4BDEE6708B5F5216CF0BA42754EA1B4FFA03B08A > uid [ expired] Madhan Neethiraj < > mad...@apache.org> > sig 3 54EA1B4FFA03B08A 2014-11-10 Madhan > Neethiraj <mad...@apache.org> > sig 9C0596B11E19B762 2014-11-10 [User ID not > found] > sig 2C1CD6311ED05C4A 2016-02-16 [User ID not > found] > sig 3 X EB4200BBD4393DE8 2016-04-30 [User ID not > found] > > gpg --verify apache-atlas-2.3.0-sources.tar.gz.asc > apache-atlas-2.3.0-sources.tar.gz > gpg: Signature made Mon Nov 28 13:14:22 2022 PST > gpg: using RSA key FED467D3B01179D4 > gpg: Can't check signature: No public key > > # Even tried this and no help as it didn't download any keys > gpg --keyserver > https://dist.apache.org/repos/dist/release/atlas/KEYS --recv-keys > FED467D3B01179D4 > > - Build failed for the source using embedded-hbase-solr profile - > > [ERROR] Failed to execute goal on project atlas-testtools: Could not > resolve dependencies for project > org.apache.atlas:atlas-testtools:jar:2.3.0: Failed to collect > dependencies at org.apache.solr:solr-test-framework:jar:8.6.3 -> > org.restlet.jee:org.restlet:jar:2.4.3: Failed to read artifact > descriptor for org.restlet.jee:org.restlet:jar:2.4.3: Could not > transfer artifact org.restlet.jee:org.restlet:pom:2.4.3 from/to > maven-restlet (https://maven.restlet.com): transfer failed for > > https://maven.restlet.com/org/restlet/jee/org.restlet/2.4.3/org.restlet-2.4.3.pom > : > sun.security.validator.ValidatorException: PKIX path validation > failed: java.security.cert.CertPathValidatorException: validity check > failed: NotAfter: Sun Nov 13 09:05:56 PST 2022 -> [Help 1] > [ERROR] > [ERROR] To see the full stack trace of the errors, re-run Maven with > the -e switch. > [ERROR] Re-run Maven using the -X switch to enable full debug logging. > [ERROR] > [ERROR] For more information about the errors and possible > solutions, please read the following articles: > [ERROR] [Help 1] > > http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException > [ERROR] > [ERROR] After correcting the problems, you can resume the build with > the command > [ERROR] mvn <args> -rf :atlas-testtools > > By running the below command the above issue was resolved as it > ignored all ssl verifications (Similar issue - > > https://stackoverflow.com/questions/68199459/maven-build-failed-pkix-path-validation-failed-java-security-cert-certpathval > ): > ln -s /usr/local/bin/python3 /usr/local/bin/python # As by > default python3 gets installed when we upgrade to mac ventura and no > python symlink > mvn clean install > -Dmaven.wagon.http.ssl.ignore.validity.dates=true > -Dmaven.wagon.http.ssl.insecure=true > -Dmaven.wagon.http.ssl.allowall=true > mvn clean package -Pdist > -Dmaven.wagon.http.ssl.ignore.validity.dates=true > -Dmaven.wagon.http.ssl.insecure=true > -Dmaven.wagon.http.ssl.allowall=true > > - started Atlas and ran quickstart script to preload sample types and > entities > - validated relation search, basic and advanced search > > P.S. Recently I upgraded my mac to ventura and I'm not sure if these > issues are due to the upgrade. If someone else has a similar mac > version and it works for them then we are good to proceed. > Please check once if the signature is correct or else I will debug > further at my end. > > Thanks, > Sid > > > > On Tue, Nov 29, 2022 at 10:17 PM Sarath Subramanian <sar...@apache.org> > wrote: > > > > Thank you Madhan for the release candidate. > > > > +1 for Apache Atlas 2.3.0 release candidate #1 > > > > validated the following: > > - Able to download source, signature, md5 and sha512 files and verified > > checksum hash > > - validated signature of source from release manager (Madhan Neethiraj < > > mad...@apache.org>) > > - Build the source successfully using embedded-hbase-solr profile > > - started Atlas and ran quickstart script to preload sample types and > > entities > > - validated relation search, basic and advanced search > > > > Thanks, > > Sarath > > > > > > > > > > > > On Mon, Nov 28, 2022 at 1:50 PM Madhan Neethiraj <mad...@apache.org> > wrote: > > > > > Atlas team, > > > > > > > > > > > > Apache Atlas 2.3.0 release candidate #1 is now available for a vote > within > > > dev community. Links to the release artifacts are given below. Please > > > review and vote. > > > > > > > > > > > > The vote will be open for at least 72 hours or until necessary votes > are > > > reached. > > > > > > [ ] +1 approve > > > > > > [ ] +0 no opinion > > > > > > [ ] -1 disapprove (and reason why) > > > > > > > > > > > > Thanks, > > > > > > Madhan > > > > > > > > > > > > > > > > > > List of issues addressed in this release: > > > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20Atlas%20AND%20fixVersion%20%3D%202.3.0%20ORDER%20BY%20key%20DESC > > > > > > > > > > > > Git tag for the release: > > > https://github.com/apache/atlas/tree/release-2.3.0-rc1 > > > > > > Sources for the release: > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz > > > > > > > > > > > > Source release verification: > > > > > > PGP Signature: > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.asc > > > > > > MD5 Hash: > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.md5 > > > > > > SHA512 Hash: > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.sha512 > > > > > > > > > > > > Keys to verify the signature of the release artifacts are available at: > > > https://dist.apache.org/repos/dist/dev/atlas/KEYS > > > > > > >
