Thanks to Aldrin and Matt Burgess, we were able to push a new signature for each artifact to the repository and verify it. Please resume release verification.
hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 0s @ 20:01:08 $ rmf nifi-0.6.0-source-release.zip.asc nifi-0.6.0-source-release.zip.asc hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 0s @ 20:01:14 $ wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-source-release.zip.asc --2016-03-21 20:01:16-- https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-source-release.zip.asc Resolving dist.apache.org... 209.188.14.144 Connecting to dist.apache.org|209.188.14.144|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 801 [text/plain] Saving to: 'nifi-0.6.0-source-release.zip.asc' nifi-0.6.0-source-release.zip.asc 100%[============================================================>] 801 --.-KB/s in 0s 2016-03-21 20:01:16 (34.7 MB/s) - 'nifi-0.6.0-source-release.zip.asc' saved [801/801] hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 0s @ 20:01:17 $ diff nifi-0.6.0-source-release.zip.asc aldrin-new.asc hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 0s @ 20:01:29 $ gpg --verify -v aldrin-new.asc nifi-0.6.0-source-release.zip gpg: Signature made Mon Mar 21 19:39:05 2016 PDT using RSA key ID 4CFE5D00 gpg: using PGP trust model gpg: Good signature from "Aldrin Piri (Code Signing Key) <ald...@apache.org>" [full] gpg: binary signature, digest algorithm SHA512 hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 0s @ 20:01:38 $ gpg --verify -v nifi-0.6.0-source-release.zip.asc nifi-0.6.0-source-release.zip gpg: Signature made Mon Mar 21 19:39:05 2016 PDT using RSA key ID 4CFE5D00 gpg: using PGP trust model gpg: Good signature from "Aldrin Piri (Code Signing Key) <ald...@apache.org>" [full] gpg: binary signature, digest algorithm SHA512 hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 0s @ 20:01:50 $ hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 0s @ 20:01:50 $ wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip.asc --2016-03-21 20:03:43-- https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip.asc Resolving dist.apache.org... 209.188.14.144 Connecting to dist.apache.org|209.188.14.144|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 801 [text/plain] Saving to: 'nifi-0.6.0-bin.zip.asc' nifi-0.6.0-bin.zip.asc 100%[============================================================>] 801 --.-KB/s in 0s 2016-03-21 20:03:43 (27.3 MB/s) - 'nifi-0.6.0-bin.zip.asc' saved [801/801] hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 0s @ 20:03:44 $ wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip --2016-03-21 20:03:47-- https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip Resolving dist.apache.org... 209.188.14.144 Connecting to dist.apache.org|209.188.14.144|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 441687095 (421M) [application/octet-stream] Saving to: 'nifi-0.6.0-bin.zip' nifi-0.6.0-bin.zip 100%[============================================================>] 421.23M 10.7MB/s in 44s 2016-03-21 20:04:31 (9.59 MB/s) - 'nifi-0.6.0-bin.zip' saved [441687095/441687095] hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 44s @ 20:04:32 $ gpg --verify -v nifi-0.6.0-bin.zip.asc gpg: assuming signed data in 'nifi-0.6.0-bin.zip' gpg: Signature made Mon Mar 21 19:49:21 2016 PDT using RSA key ID 4CFE5D00 gpg: using PGP trust model gpg: Good signature from "Aldrin Piri (Code Signing Key) <ald...@apache.org>" [full] gpg: binary signature, digest algorithm SHA512 hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 2s @ 20:05:04 $ hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 2s @ 20:05:04 $ wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz --2016-03-21 20:06:34-- https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz Resolving dist.apache.org... 209.188.14.144 Connecting to dist.apache.org|209.188.14.144|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 441632655 (421M) [application/octet-stream] Saving to: 'nifi-0.6.0-bin.tar.gz' nifi-0.6.0-bin.tar.gz 100%[============================================================>] 421.17M 10.3MB/s in 40s 2016-03-21 20:07:15 (10.4 MB/s) - 'nifi-0.6.0-bin.tar.gz' saved [441632655/441632655] hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 41s @ 20:07:16 $ wget https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz.asc --2016-03-21 20:07:42-- https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz.asc Resolving dist.apache.org... 209.188.14.144 Connecting to dist.apache.org|209.188.14.144|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 801 [text/plain] Saving to: 'nifi-0.6.0-bin.tar.gz.asc' nifi-0.6.0-bin.tar.gz.asc 100%[============================================================>] 801 --.-KB/s in 0s 2016-03-21 20:07:42 (13.2 MB/s) - 'nifi-0.6.0-bin.tar.gz.asc' saved [801/801] hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 0s @ 20:07:43 $ gpg --verify -v nifi-0.6.0-bin.tar.gz.asc gpg: assuming signed data in 'nifi-0.6.0-bin.tar.gz' gpg: Signature made Mon Mar 21 19:49:29 2016 PDT using RSA key ID 4CFE5D00 gpg: using PGP trust model gpg: Good signature from "Aldrin Piri (Code Signing Key) <ald...@apache.org>" [full] gpg: binary signature, digest algorithm SHA512 hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 alopresto 🔓 3s @ 20:07:55 $ Andy LoPresto alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Mar 21, 2016, at 7:28 PM, Aldrin Piri <aldrinp...@gmail.com> wrote: > > Hey Matt, > > Thanks for the heads up. Something is definitely awry. While verifying > seemingly checks out in my environment: > > $ gpg --verify nifi-0.6.0-source-release.zip.asc >> gpg: assuming signed data in `nifi-0.6.0-source-release.zip' >> gpg: Signature made Mon Mar 21 14:38:50 2016 EDT using RSA key ID 4CFE5D00 >> gpg: Good signature from "Aldrin Piri (Code Signing Key) < >> ald...@apache.org>" > > > I receive similar errors on another system I did not perform/verify the > release process on. For now, I ask that folks likely hold up until I can > resolve the issue and determine if it was a matter of publishing or the > entire build and another RC is needed. > > > On Mon, Mar 21, 2016 at 9:44 PM, Matt Burgess <mattyb...@gmail.com> wrote: > >> I'm getting an error on Aldrin's signature during gpg --verify: >> >> gpg: BAD signature from "Aldrin Piri (Code Signing Key) <ald...@apache.org >>> " >> [unknown] >> >> Is anyone else seeing this? >> >> Thanks, >> Matt >> >> On Mon, Mar 21, 2016 at 4:37 PM, Aldrin Piri <aldrinp...@gmail.com> wrote: >> >>> Hello, >>> >>> I am pleased to be calling this vote for the source release of Apache >> NiFi >>> nifi-0.6.0. >>> >>> The source zip, including signatures, digests, etc. can be found at: >>> https://repository.apache.org/content/repositories/orgapachenifi-1077 >>> >>> The Git tag is NIFI-1634-RC1 >>> The Git commit hash is 736896246cf021dbed31d4eb1e22e0755e4705f0 >>> * >>> >>> >> https://git-wip-us.apache.org/repos/asf?p=nifi.git;a=commit;h=736896246cf021dbed31d4eb1e22e0755e4705f0 >>> * >>> >>> >> https://github.com/apache/nifi/commit/736896246cf021dbed31d4eb1e22e0755e4705f0 >>> >>> Checksums of nifi-0.6.0-source-release.zip: >>> MD5: 1559157db000d53221aeabc5dd607cfc >>> SHA1: feed12016d7f2d450fb1e3a238634757cc17b0f1 >>> >>> Release artifacts are signed with the following key: >>> *https://people.apache.org/keys/committer/aldrin.asc >>> <https://people.apache.org/keys/committer/aldrin.asc>* >>> >>> KEYS file available here: >>> https://dist.apache.org/repos/dist/release/nifi/KEYS >>> >>> 71 issues were closed/resolved for this release: >>> * >>> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334372&styleName=Html&projectId=12316020 >>> < >>> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334372&styleName=Html&projectId=12316020 >>>> * >>> >>> Release note highlights can be found here: >>> * >>> >> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.6.0 >>> < >>> >> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.6.0 >>>> * >>> >>> The vote will be open for 72 hours. >>> Please download the release candidate and evaluate the necessary items >>> including checking hashes, signatures, build from source, and test. Then >>> please vote: >>> >>> [ ] +1 Release this package as nifi-0.6.0 >>> [ ] +0 no opinion >>> [ ] -1 Do not release this package because... >>> >>> Thanks! >>> >>
signature.asc
Description: Message signed with OpenPGP using GPGMail
