I am getting the same error as well, looks like the key used to sign the release has changed. It also appears that we do not have the tar.gz file for knox-1.4.0-src (i.e. knox-1.4.0-src.tar.gz)
*gpg --list-keys | grep -B 2 Larrypub rsa4096 2013-10-08 [SC] CB951DC938391FE207682BB582F9C371587C089Buid [ unknown] Larry McCay (CODE SIGNING KEY) <[email protected] <[email protected]>>--pub rsa4096 2014-06-16 [SCEA] [revoked: 2016-08-16] E633929ED2B59AE4D37C9B4A9F6D85AC587C089Buid [ revoked] Larry McCay (CODE SIGNING KEY) <[email protected] <[email protected]>>* On Thu, Apr 16, 2020 at 6:49 AM Sandor Molnar <[email protected]> wrote: > Thank you, Larry, for preparing the new release! > > I tried to verify the signature of knox-1.4.0.zip using GPG but > verification failed for me with the following error: > > $ gpg --import KEYS > gpg: directory 'XXX' created > gpg: keybox 'XXX/pubring.kbx' created > gpg: key 82F9C371587C089B: 1 signature not checked due to a missing key > gpg: XXX/trustdb.gpg: trustdb created > gpg: key 82F9C371587C089B: public key "Larry McCay (CODE SIGNING KEY) < > [email protected]>" imported > gpg: key 57846920EACB2DAE: 2 signatures not checked due to missing keys > gpg: key 57846920EACB2DAE: public key "Kevin Minder (Code signing) < > [email protected]>" imported > gpg: key 2B5842B902C74EAE: public key "Sumit Gupta <[email protected]>" > imported > gpg: key 12D51C2DE72B5D09: public key "Kevin Risden (CODE SIGNING KEY) < > [email protected]>" imported > gpg: Total number processed: 4 > gpg: imported: 4 > gpg: no ultimately trusted keys found > > $ gpg --verify knox-1.4.0.zip.asc > gpg: assuming signed data in 'knox-1.4.0.zip' > gpg: Signature made Wed Apr 15 02:36:28 2020 CEST > gpg: using RSA key 7AEC60D6E92792CCE08CDEDE3704A2F46A6B52DF > gpg: Can't check signature: No public key > > Could you please let me know if I'm doing something wrong or the KEYS file > is incorrect? > > Thanks, > Sandor > > P.S.: the rest seems to be OK. I deployed/started Knox, reached the new > Home PAge, logged into Admin UI, tested some of the new features. > > On Wed, Apr 15, 2020 at 3:01 AM larry mccay <[email protected]> wrote: > > > All - > > > > A candidate for the Apache Knox 1.4.0 release is available at: > > > > https://dist.apache.org/repos/dist/dev/knox/knox-1.4.0/ > > > > The release candidate is a zip archive of the sources in: > > > > https://https://gitbox.apache.org/repos/asf/knox.git > > Branch v1.4.0 (git checkout -b v1.4.0) > > > > The KEYS file for signature validation is available at: > > https://dist.apache.org/repos/dist/release/knox/KEYS > > > > To assist in testing the knoxshell features you can find the new > KnoxShell > > User Guide at > > http://knox.apache.org/books/knox-1-4-0/knoxshell_user_guide.html > > > > Gateway User Guide: > > http://knox.apache.org/books/knox-1-4-0/user-guide.html > > > > Dev Guide: http://knox.apache.org/books/knox-1-4-0/dev-guide.html > > > > Please vote on releasing this package as Apache Knox 1.4.0. > > The vote is open for the next 72 hours and passes if a majority of at > > least three +1 Apache Knox PMC votes are cast. > > > > [ ] +1 Release this package as Apache Knox 1.4.0 > > [ ] -1 Do not release this package because... > > > > thanks, > > > > --larry > > >
