Thanks Madhan and Sarath. I tried the below and the signature verification worked with warning as shown below: curl -O https://dist.apache.org/repos/dist/dev/atlas/KEYS gpg --import KEYS gpg --list madhan # Checked it has FED467D3B01179D4 gpg --verify apache-atlas-2.3.0-sources.tar.gz.asc apache-atlas-2.3.0-sources.tar.gz gpg: Signature made Mon Nov 28 13:14:22 2022 PST gpg: using RSA key FED467D3B01179D4 gpg: Good signature from "Madhan Neethiraj <mad...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 0524 DD1F 7940 6654 6D61 0744 FED4 67D3 B011 79D4
Still I am getting below error when I run maven clean install. Adding the -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true is ignoring this issue. Do you have any ideas on this? [ERROR] Failed to execute goal on project atlas-testtools: Could not resolve dependencies for project org.apache.atlas:atlas-testtools:jar:2.3.0: Failed to collect dependencies at org.apache.solr:solr-test-framework:jar:8.6.3 -> org.restlet.jee:org.restlet:jar:2.4.3: Failed to read artifact descriptor for org.restlet.jee:org.restlet:jar:2.4.3: Could not transfer artifact org.restlet.jee:org.restlet:pom:2.4.3 from/to maven-restlet (https://maven.restlet.com): transfer failed for https://maven.restlet.com/org/restlet/jee/org.restlet/2.4.3/org.restlet-2.4.3.pom: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed: NotAfter: Sun Nov 13 09:05:56 PST 2022 -> [Help 1] Thanks, Sid On Thu, Dec 1, 2022 at 10:04 AM Sarath Subramanian <sar...@apache.org> wrote: > > Sid, > > I followed the below steps to verify signature. I'm running on Mac OS > Monterey. > > wget https://dist.apache.org/repos/dist/dev/atlas/KEYS > > gpg --import KEYS > > gpg --verify apache-atlas-2.3.0-sources.tar.gz.asc > > apache-atlas-2.3.0-sources.tar.gz > > > > Thanks, > Sarath > > On Wed, Nov 30, 2022 at 11:50 PM Sidharth Mishra <sidmis...@apache.org> > wrote: > > > Thank you Madhan for the release candidate. > > > > Validated the following and faced some issues as mentioned below: > > > > - Able to download source, signature, md5 and sha512 files and verify > > the checksum hash > > - I am not able to verify the signature of the source. Steps I followed: > > curl -O https://downloads.apache.org/atlas/KEYS > > gpg --import KEYS > > gpg --list-sigs madhan # Gives the correct output > > pub rsa4096 2020-06-10 [SC] [expires: 2024-06-09] > > 1B6007E9CDEC4913DFB5031B630E02BA8823016D > > uid [ unknown] Madhan Neethiraj < > > mad...@apache.org> > > sig 3 630E02BA8823016D 2020-06-10 > > Madhan Neethiraj <mad...@apache.org> > > sub rsa4096 2020-06-10 [E] [expires: 2024-06-09] > > sig 630E02BA8823016D 2020-06-10 Madhan > > Neethiraj <mad...@apache.org> > > > > pub rsa2048 2014-11-10 [SC] [expired: 2018-11-10] > > 4BDEE6708B5F5216CF0BA42754EA1B4FFA03B08A > > uid [ expired] Madhan Neethiraj < > > mad...@apache.org> > > sig 3 54EA1B4FFA03B08A 2014-11-10 Madhan > > Neethiraj <mad...@apache.org> > > sig 9C0596B11E19B762 2014-11-10 [User ID not > > found] > > sig 2C1CD6311ED05C4A 2016-02-16 [User ID not > > found] > > sig 3 X EB4200BBD4393DE8 2016-04-30 [User ID not > > found] > > > > gpg --verify apache-atlas-2.3.0-sources.tar.gz.asc > > apache-atlas-2.3.0-sources.tar.gz > > gpg: Signature made Mon Nov 28 13:14:22 2022 PST > > gpg: using RSA key FED467D3B01179D4 > > gpg: Can't check signature: No public key > > > > # Even tried this and no help as it didn't download any keys > > gpg --keyserver > > https://dist.apache.org/repos/dist/release/atlas/KEYS --recv-keys > > FED467D3B01179D4 > > > > - Build failed for the source using embedded-hbase-solr profile - > > > > [ERROR] Failed to execute goal on project atlas-testtools: Could not > > resolve dependencies for project > > org.apache.atlas:atlas-testtools:jar:2.3.0: Failed to collect > > dependencies at org.apache.solr:solr-test-framework:jar:8.6.3 -> > > org.restlet.jee:org.restlet:jar:2.4.3: Failed to read artifact > > descriptor for org.restlet.jee:org.restlet:jar:2.4.3: Could not > > transfer artifact org.restlet.jee:org.restlet:pom:2.4.3 from/to > > maven-restlet (https://maven.restlet.com): transfer failed for > > > > https://maven.restlet.com/org/restlet/jee/org.restlet/2.4.3/org.restlet-2.4.3.pom > > : > > sun.security.validator.ValidatorException: PKIX path validation > > failed: java.security.cert.CertPathValidatorException: validity check > > failed: NotAfter: Sun Nov 13 09:05:56 PST 2022 -> [Help 1] > > [ERROR] > > [ERROR] To see the full stack trace of the errors, re-run Maven with > > the -e switch. > > [ERROR] Re-run Maven using the -X switch to enable full debug logging. > > [ERROR] > > [ERROR] For more information about the errors and possible > > solutions, please read the following articles: > > [ERROR] [Help 1] > > > > http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException > > [ERROR] > > [ERROR] After correcting the problems, you can resume the build with > > the command > > [ERROR] mvn <args> -rf :atlas-testtools > > > > By running the below command the above issue was resolved as it > > ignored all ssl verifications (Similar issue - > > > > https://stackoverflow.com/questions/68199459/maven-build-failed-pkix-path-validation-failed-java-security-cert-certpathval > > ): > > ln -s /usr/local/bin/python3 /usr/local/bin/python # As by > > default python3 gets installed when we upgrade to mac ventura and no > > python symlink > > mvn clean install > > -Dmaven.wagon.http.ssl.ignore.validity.dates=true > > -Dmaven.wagon.http.ssl.insecure=true > > -Dmaven.wagon.http.ssl.allowall=true > > mvn clean package -Pdist > > -Dmaven.wagon.http.ssl.ignore.validity.dates=true > > -Dmaven.wagon.http.ssl.insecure=true > > -Dmaven.wagon.http.ssl.allowall=true > > > > - started Atlas and ran quickstart script to preload sample types and > > entities > > - validated relation search, basic and advanced search > > > > P.S. Recently I upgraded my mac to ventura and I'm not sure if these > > issues are due to the upgrade. If someone else has a similar mac > > version and it works for them then we are good to proceed. > > Please check once if the signature is correct or else I will debug > > further at my end. > > > > Thanks, > > Sid > > > > > > > > On Tue, Nov 29, 2022 at 10:17 PM Sarath Subramanian <sar...@apache.org> > > wrote: > > > > > > Thank you Madhan for the release candidate. > > > > > > +1 for Apache Atlas 2.3.0 release candidate #1 > > > > > > validated the following: > > > - Able to download source, signature, md5 and sha512 files and verified > > > checksum hash > > > - validated signature of source from release manager (Madhan Neethiraj < > > > mad...@apache.org>) > > > - Build the source successfully using embedded-hbase-solr profile > > > - started Atlas and ran quickstart script to preload sample types and > > > entities > > > - validated relation search, basic and advanced search > > > > > > Thanks, > > > Sarath > > > > > > > > > > > > > > > > > > On Mon, Nov 28, 2022 at 1:50 PM Madhan Neethiraj <mad...@apache.org> > > wrote: > > > > > > > Atlas team, > > > > > > > > > > > > > > > > Apache Atlas 2.3.0 release candidate #1 is now available for a vote > > within > > > > dev community. Links to the release artifacts are given below. Please > > > > review and vote. > > > > > > > > > > > > > > > > The vote will be open for at least 72 hours or until necessary votes > > are > > > > reached. > > > > > > > > [ ] +1 approve > > > > > > > > [ ] +0 no opinion > > > > > > > > [ ] -1 disapprove (and reason why) > > > > > > > > > > > > > > > > Thanks, > > > > > > > > Madhan > > > > > > > > > > > > > > > > > > > > > > > > List of issues addressed in this release: > > > > > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20Atlas%20AND%20fixVersion%20%3D%202.3.0%20ORDER%20BY%20key%20DESC > > > > > > > > > > > > > > > > Git tag for the release: > > > > https://github.com/apache/atlas/tree/release-2.3.0-rc1 > > > > > > > > Sources for the release: > > > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz > > > > > > > > > > > > > > > > Source release verification: > > > > > > > > PGP Signature: > > > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.asc > > > > > > > > MD5 Hash: > > > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.md5 > > > > > > > > SHA512 Hash: > > > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.sha512 > > > > > > > > > > > > > > > > Keys to verify the signature of the release artifacts are available at: > > > > https://dist.apache.org/repos/dist/dev/atlas/KEYS > > > > > > > > > >