Thanks Madhan and Sarath. I tried the below and the signature
verification worked with warning as shown below:
curl -O https://dist.apache.org/repos/dist/dev/atlas/KEYS
gpg --import KEYS
gpg --list madhan # Checked it has FED467D3B01179D4
gpg --verify apache-atlas-2.3.0-sources.tar.gz.asc
apache-atlas-2.3.0-sources.tar.gz
gpg: Signature made Mon Nov 28 13:14:22 2022 PST
gpg: using RSA key FED467D3B01179D4
gpg: Good signature from "Madhan Neethiraj <mad...@apache.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs
to the owner.
Primary key fingerprint: 0524 DD1F 7940 6654 6D61 0744 FED4
67D3 B011 79D4
Still I am getting below error when I run maven clean install. Adding
the -Dmaven.wagon.http.ssl.ignore.validity.dates=true
-Dmaven.wagon.http.ssl.insecure=true
-Dmaven.wagon.http.ssl.allowall=true is ignoring this issue. Do you
have any ideas on this?
[ERROR] Failed to execute goal on project atlas-testtools:
Could not resolve dependencies for project
org.apache.atlas:atlas-testtools:jar:2.3.0: Failed to collect
dependencies at org.apache.solr:solr-test-framework:jar:8.6.3 ->
org.restlet.jee:org.restlet:jar:2.4.3: Failed to read artifact
descriptor for org.restlet.jee:org.restlet:jar:2.4.3: Could not
transfer artifact org.restlet.jee:org.restlet:pom:2.4.3 from/to
maven-restlet (https://maven.restlet.com): transfer failed for
https://maven.restlet.com/org/restlet/jee/org.restlet/2.4.3/org.restlet-2.4.3.pom:
sun.security.validator.ValidatorException: PKIX path validation
failed: java.security.cert.CertPathValidatorException: validity check
failed: NotAfter: Sun Nov 13 09:05:56 PST 2022 -> [Help 1]
Thanks,
Sid
On Thu, Dec 1, 2022 at 10:04 AM Sarath Subramanian <sar...@apache.org> wrote:
>
> Sid,
>
> I followed the below steps to verify signature. I'm running on Mac OS
> Monterey.
>
> wget https://dist.apache.org/repos/dist/dev/atlas/KEYS
> > gpg --import KEYS
> > gpg --verify apache-atlas-2.3.0-sources.tar.gz.asc
> > apache-atlas-2.3.0-sources.tar.gz
> >
>
> Thanks,
> Sarath
>
> On Wed, Nov 30, 2022 at 11:50 PM Sidharth Mishra <sidmis...@apache.org>
> wrote:
>
> > Thank you Madhan for the release candidate.
> >
> > Validated the following and faced some issues as mentioned below:
> >
> > - Able to download source, signature, md5 and sha512 files and verify
> > the checksum hash
> > - I am not able to verify the signature of the source. Steps I followed:
> > curl -O https://downloads.apache.org/atlas/KEYS
> > gpg --import KEYS
> > gpg --list-sigs madhan # Gives the correct output
> > pub rsa4096 2020-06-10 [SC] [expires: 2024-06-09]
> > 1B6007E9CDEC4913DFB5031B630E02BA8823016D
> > uid [ unknown] Madhan Neethiraj <
> > mad...@apache.org>
> > sig 3 630E02BA8823016D 2020-06-10
> > Madhan Neethiraj <mad...@apache.org>
> > sub rsa4096 2020-06-10 [E] [expires: 2024-06-09]
> > sig 630E02BA8823016D 2020-06-10 Madhan
> > Neethiraj <mad...@apache.org>
> >
> > pub rsa2048 2014-11-10 [SC] [expired: 2018-11-10]
> > 4BDEE6708B5F5216CF0BA42754EA1B4FFA03B08A
> > uid [ expired] Madhan Neethiraj <
> > mad...@apache.org>
> > sig 3 54EA1B4FFA03B08A 2014-11-10 Madhan
> > Neethiraj <mad...@apache.org>
> > sig 9C0596B11E19B762 2014-11-10 [User ID not
> > found]
> > sig 2C1CD6311ED05C4A 2016-02-16 [User ID not
> > found]
> > sig 3 X EB4200BBD4393DE8 2016-04-30 [User ID not
> > found]
> >
> > gpg --verify apache-atlas-2.3.0-sources.tar.gz.asc
> > apache-atlas-2.3.0-sources.tar.gz
> > gpg: Signature made Mon Nov 28 13:14:22 2022 PST
> > gpg: using RSA key FED467D3B01179D4
> > gpg: Can't check signature: No public key
> >
> > # Even tried this and no help as it didn't download any keys
> > gpg --keyserver
> > https://dist.apache.org/repos/dist/release/atlas/KEYS --recv-keys
> > FED467D3B01179D4
> >
> > - Build failed for the source using embedded-hbase-solr profile -
> >
> > [ERROR] Failed to execute goal on project atlas-testtools: Could not
> > resolve dependencies for project
> > org.apache.atlas:atlas-testtools:jar:2.3.0: Failed to collect
> > dependencies at org.apache.solr:solr-test-framework:jar:8.6.3 ->
> > org.restlet.jee:org.restlet:jar:2.4.3: Failed to read artifact
> > descriptor for org.restlet.jee:org.restlet:jar:2.4.3: Could not
> > transfer artifact org.restlet.jee:org.restlet:pom:2.4.3 from/to
> > maven-restlet (https://maven.restlet.com): transfer failed for
> >
> > https://maven.restlet.com/org/restlet/jee/org.restlet/2.4.3/org.restlet-2.4.3.pom
> > :
> > sun.security.validator.ValidatorException: PKIX path validation
> > failed: java.security.cert.CertPathValidatorException: validity check
> > failed: NotAfter: Sun Nov 13 09:05:56 PST 2022 -> [Help 1]
> > [ERROR]
> > [ERROR] To see the full stack trace of the errors, re-run Maven with
> > the -e switch.
> > [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> > [ERROR]
> > [ERROR] For more information about the errors and possible
> > solutions, please read the following articles:
> > [ERROR] [Help 1]
> >
> > http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
> > [ERROR]
> > [ERROR] After correcting the problems, you can resume the build with
> > the command
> > [ERROR] mvn <args> -rf :atlas-testtools
> >
> > By running the below command the above issue was resolved as it
> > ignored all ssl verifications (Similar issue -
> >
> > https://stackoverflow.com/questions/68199459/maven-build-failed-pkix-path-validation-failed-java-security-cert-certpathval
> > ):
> > ln -s /usr/local/bin/python3 /usr/local/bin/python # As by
> > default python3 gets installed when we upgrade to mac ventura and no
> > python symlink
> > mvn clean install
> > -Dmaven.wagon.http.ssl.ignore.validity.dates=true
> > -Dmaven.wagon.http.ssl.insecure=true
> > -Dmaven.wagon.http.ssl.allowall=true
> > mvn clean package -Pdist
> > -Dmaven.wagon.http.ssl.ignore.validity.dates=true
> > -Dmaven.wagon.http.ssl.insecure=true
> > -Dmaven.wagon.http.ssl.allowall=true
> >
> > - started Atlas and ran quickstart script to preload sample types and
> > entities
> > - validated relation search, basic and advanced search
> >
> > P.S. Recently I upgraded my mac to ventura and I'm not sure if these
> > issues are due to the upgrade. If someone else has a similar mac
> > version and it works for them then we are good to proceed.
> > Please check once if the signature is correct or else I will debug
> > further at my end.
> >
> > Thanks,
> > Sid
> >
> >
> >
> > On Tue, Nov 29, 2022 at 10:17 PM Sarath Subramanian <sar...@apache.org>
> > wrote:
> > >
> > > Thank you Madhan for the release candidate.
> > >
> > > +1 for Apache Atlas 2.3.0 release candidate #1
> > >
> > > validated the following:
> > > - Able to download source, signature, md5 and sha512 files and verified
> > > checksum hash
> > > - validated signature of source from release manager (Madhan Neethiraj <
> > > mad...@apache.org>)
> > > - Build the source successfully using embedded-hbase-solr profile
> > > - started Atlas and ran quickstart script to preload sample types and
> > > entities
> > > - validated relation search, basic and advanced search
> > >
> > > Thanks,
> > > Sarath
> > >
> > >
> > >
> > >
> > >
> > > On Mon, Nov 28, 2022 at 1:50 PM Madhan Neethiraj <mad...@apache.org>
> > wrote:
> > >
> > > > Atlas team,
> > > >
> > > >
> > > >
> > > > Apache Atlas 2.3.0 release candidate #1 is now available for a vote
> > within
> > > > dev community. Links to the release artifacts are given below. Please
> > > > review and vote.
> > > >
> > > >
> > > >
> > > > The vote will be open for at least 72 hours or until necessary votes
> > are
> > > > reached.
> > > >
> > > > [ ] +1 approve
> > > >
> > > > [ ] +0 no opinion
> > > >
> > > > [ ] -1 disapprove (and reason why)
> > > >
> > > >
> > > >
> > > > Thanks,
> > > >
> > > > Madhan
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > List of issues addressed in this release:
> > > >
> > https://issues.apache.org/jira/issues/?jql=project%20%3D%20Atlas%20AND%20fixVersion%20%3D%202.3.0%20ORDER%20BY%20key%20DESC
> > > >
> > > >
> > > >
> > > > Git tag for the release:
> > > > https://github.com/apache/atlas/tree/release-2.3.0-rc1
> > > >
> > > > Sources for the release:
> > > >
> > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz
> > > >
> > > >
> > > >
> > > > Source release verification:
> > > >
> > > > PGP Signature:
> > > >
> > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.asc
> > > >
> > > > MD5 Hash:
> > > >
> > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.md5
> > > >
> > > > SHA512 Hash:
> > > >
> > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.sha512
> > > >
> > > >
> > > >
> > > > Keys to verify the signature of the release artifacts are available at:
> > > > https://dist.apache.org/repos/dist/dev/atlas/KEYS
> > > >
> > > >
> >
