Thank you for preparing this release candidate. I've verified the signatures and built/installed from source. I've exercised the homepage, Admin UI and ClouderaManager discovery.
I did notice that the homepage has the following for the Knox Version: 1.4.0 (hash=1.4.0) ? Not necessarily release blockers, but questions for future releases: - Can the sandbox topology be migrated to a descriptor? - Are there other topologies which can be migrated to descriptors? - Should Knox be monitoring the ClouderaManager integration descriptors by default? e.g., knox.gateway (ClouderaManagerDescriptorMonitor.java:setupMonitor(66)) - Monitoring Cloudera Manager descriptors in ... On Thu, Apr 16, 2020 at 10:47 AM Sandor Molnar <[email protected]> wrote: > Hi folks, > > Here is my +1 for RC1 of Knox 1.4. > I verified the updated signatures and ran some basic tests (including some > of the new features) using the downloaded product. > > Cheers, > Sandor > > On Thu, Apr 16, 2020 at 4:29 PM larry mccay <[email protected]> wrote: > > > Sorry about that folks - I've corrected the signatures now. > > Please feel free to check now. > > > > --larry > > > > On Thu, Apr 16, 2020 at 7:09 AM Sandeep Moré <[email protected]> > > wrote: > > > > > I am getting the same error as well, looks like the key used to sign > the > > > release has changed. > > > It also appears that we do not have the tar.gz file for knox-1.4.0-src > > > (i.e. knox-1.4.0-src.tar.gz) > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > *gpg --list-keys | grep -B 2 Larrypub rsa4096 2013-10-08 [SC] > > > CB951DC938391FE207682BB582F9C371587C089Buid [ unknown] Larry > > > McCay (CODE SIGNING KEY) <[email protected] <[email protected]>>--pub > > > rsa4096 2014-06-16 [SCEA] [revoked: 2016-08-16] > > > E633929ED2B59AE4D37C9B4A9F6D85AC587C089Buid [ revoked] Larry > > > McCay (CODE SIGNING KEY) <[email protected] <[email protected]>>* > > > > > > > > > On Thu, Apr 16, 2020 at 6:49 AM Sandor Molnar > > <[email protected] > > > > > > > wrote: > > > > > > > Thank you, Larry, for preparing the new release! > > > > > > > > I tried to verify the signature of knox-1.4.0.zip using GPG but > > > > verification failed for me with the following error: > > > > > > > > $ gpg --import KEYS > > > > gpg: directory 'XXX' created > > > > gpg: keybox 'XXX/pubring.kbx' created > > > > gpg: key 82F9C371587C089B: 1 signature not checked due to a missing > key > > > > gpg: XXX/trustdb.gpg: trustdb created > > > > gpg: key 82F9C371587C089B: public key "Larry McCay (CODE SIGNING > KEY) < > > > > [email protected]>" imported > > > > gpg: key 57846920EACB2DAE: 2 signatures not checked due to missing > keys > > > > gpg: key 57846920EACB2DAE: public key "Kevin Minder (Code signing) < > > > > [email protected]>" imported > > > > gpg: key 2B5842B902C74EAE: public key "Sumit Gupta <[email protected] > >" > > > > imported > > > > gpg: key 12D51C2DE72B5D09: public key "Kevin Risden (CODE SIGNING > KEY) > > < > > > > [email protected]>" imported > > > > gpg: Total number processed: 4 > > > > gpg: imported: 4 > > > > gpg: no ultimately trusted keys found > > > > > > > > $ gpg --verify knox-1.4.0.zip.asc > > > > gpg: assuming signed data in 'knox-1.4.0.zip' > > > > gpg: Signature made Wed Apr 15 02:36:28 2020 CEST > > > > gpg: using RSA key > > > 7AEC60D6E92792CCE08CDEDE3704A2F46A6B52DF > > > > gpg: Can't check signature: No public key > > > > > > > > Could you please let me know if I'm doing something wrong or the KEYS > > > file > > > > is incorrect? > > > > > > > > Thanks, > > > > Sandor > > > > > > > > P.S.: the rest seems to be OK. I deployed/started Knox, reached the > new > > > > Home PAge, logged into Admin UI, tested some of the new features. > > > > > > > > On Wed, Apr 15, 2020 at 3:01 AM larry mccay <[email protected]> > wrote: > > > > > > > > > All - > > > > > > > > > > A candidate for the Apache Knox 1.4.0 release is available at: > > > > > > > > > > https://dist.apache.org/repos/dist/dev/knox/knox-1.4.0/ > > > > > > > > > > The release candidate is a zip archive of the sources in: > > > > > > > > > > https://https://gitbox.apache.org/repos/asf/knox.git > > > > > Branch v1.4.0 (git checkout -b v1.4.0) > > > > > > > > > > The KEYS file for signature validation is available at: > > > > > https://dist.apache.org/repos/dist/release/knox/KEYS > > > > > > > > > > To assist in testing the knoxshell features you can find the new > > > > KnoxShell > > > > > User Guide at > > > > > http://knox.apache.org/books/knox-1-4-0/knoxshell_user_guide.html > > > > > > > > > > Gateway User Guide: > > > > > http://knox.apache.org/books/knox-1-4-0/user-guide.html > > > > > > > > > > Dev Guide: http://knox.apache.org/books/knox-1-4-0/dev-guide.html > > > > > > > > > > Please vote on releasing this package as Apache Knox 1.4.0. > > > > > The vote is open for the next 72 hours and passes if a majority of > at > > > > > least three +1 Apache Knox PMC votes are cast. > > > > > > > > > > [ ] +1 Release this package as Apache Knox 1.4.0 > > > > > [ ] -1 Do not release this package because... > > > > > > > > > > thanks, > > > > > > > > > > --larry > > > > > > > > > > > > > > >
