All, Given the issues I am cancelling this vote. There were some miscues in the artifact generation process that have caused issues and clouded the process. Please look for an updated vote RC and helper.
Thank you for your efforts and time and apologies for the hiccups. On Tue, Mar 22, 2016 at 8:00 AM, Aldrin Piri <aldrinp...@gmail.com> wrote: > Drat, the announce email was wrong (likely glossed over it copying and > pasting), but the md5sum provided to the repository is correct > ( nifi-0.6.0-source-release.zip.md5). I did an md5 against the artifact as > provided to SVN using the actually prepared md5 checksum. > > # apiri in ~/Development/verify/release-0.6.0/dist/nifi/nifi-0.6.0 > [7:55:56] > $ cat nifi-0.6.0-source-release.zip.md5 > 1597a93574b928b7c78e3014d1eca416% > > # apiri in ~/Development/verify/release-0.6.0/dist/nifi/nifi-0.6.0 > [7:55:59] > $ md5sum nifi-0.6.0-source-release.zip > 1597a93574b928b7c78e3014d1eca416 nifi-0.6.0-source-release.zip > > On Tue, Mar 22, 2016 at 7:37 AM, Matt Burgess <mattyb...@gmail.com> wrote: > >> I'm getting an MD5 checksum mismatch on the ZIP: >> >> < MD5(nifi-0.6.0-source-release.zip)= 1559157db000d53221aeabc5dd607cfc >> --- >> > MD5(nifi-0.6.0-source-release.zip)= 1597a93574b928b7c78e3014d1eca416 >> >> On Mon, Mar 21, 2016 at 11:08 PM, Andy LoPresto < >> alopresto.apa...@gmail.com> >> wrote: >> >> > Thanks to Aldrin and Matt Burgess, we were able to push a new signature >> > for each artifact to the repository and verify it. Please resume release >> > verification. >> > >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 0s @ 20:01:08 $ rmf nifi-0.6.0-source-release.zip.asc >> > nifi-0.6.0-source-release.zip.asc >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 0s @ 20:01:14 $ wget >> > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-source-release.zip.asc >> > --2016-03-21 20:01:16-- >> > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-source-release.zip.asc >> > Resolving dist.apache.org... 209.188.14.144 >> > Connecting to dist.apache.org|209.188.14.144|:443... connected. >> > HTTP request sent, awaiting response... 200 OK >> > Length: 801 [text/plain] >> > Saving to: 'nifi-0.6.0-source-release.zip.asc' >> > >> > nifi-0.6.0-source-release.zip.asc >> > 100%[============================================================>] >> > 801 --.-KB/s in 0s >> > >> > 2016-03-21 20:01:16 (34.7 MB/s) - 'nifi-0.6.0-source-release.zip.asc' >> > saved [801/801] >> > >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 0s @ 20:01:17 $ diff nifi-0.6.0-source-release.zip.asc aldrin-new.asc >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 0s @ 20:01:29 $ gpg --verify -v aldrin-new.asc >> > nifi-0.6.0-source-release.zip >> > gpg: Signature made Mon Mar 21 19:39:05 2016 PDT using RSA key ID >> 4CFE5D00 >> > gpg: using PGP trust model >> > gpg: Good signature from "Aldrin Piri (Code Signing Key) < >> > ald...@apache.org>" [full] >> > gpg: binary signature, digest algorithm SHA512 >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 0s @ 20:01:38 $ gpg --verify -v nifi-0.6.0-source-release.zip.asc >> > nifi-0.6.0-source-release.zip >> > gpg: Signature made Mon Mar 21 19:39:05 2016 PDT using RSA key ID >> 4CFE5D00 >> > gpg: using PGP trust model >> > gpg: Good signature from "Aldrin Piri (Code Signing Key) < >> > ald...@apache.org>" [full] >> > gpg: binary signature, digest algorithm SHA512 >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 0s @ 20:01:50 $ >> > >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 0s @ 20:01:50 $ wget >> > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip.asc >> > --2016-03-21 20:03:43-- >> > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip.asc >> > Resolving dist.apache.org... 209.188.14.144 >> > Connecting to dist.apache.org|209.188.14.144|:443... connected. >> > HTTP request sent, awaiting response... 200 OK >> > Length: 801 [text/plain] >> > Saving to: 'nifi-0.6.0-bin.zip.asc' >> > >> > nifi-0.6.0-bin.zip.asc >> > 100%[============================================================>] >> > 801 --.-KB/s in 0s >> > >> > 2016-03-21 20:03:43 (27.3 MB/s) - 'nifi-0.6.0-bin.zip.asc' saved >> [801/801] >> > >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 0s @ 20:03:44 $ wget >> > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip >> > --2016-03-21 20:03:47-- >> > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip >> > Resolving dist.apache.org... 209.188.14.144 >> > Connecting to dist.apache.org|209.188.14.144|:443... connected. >> > HTTP request sent, awaiting response... 200 OK >> > Length: 441687095 (421M) [application/octet-stream] >> > Saving to: 'nifi-0.6.0-bin.zip' >> > >> > nifi-0.6.0-bin.zip >> > 100%[============================================================>] >> > 421.23M 10.7MB/s in 44s >> > >> > 2016-03-21 20:04:31 (9.59 MB/s) - 'nifi-0.6.0-bin.zip' saved >> > [441687095/441687095] >> > >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 44s @ 20:04:32 $ gpg --verify -v nifi-0.6.0-bin.zip.asc >> > gpg: assuming signed data in 'nifi-0.6.0-bin.zip' >> > gpg: Signature made Mon Mar 21 19:49:21 2016 PDT using RSA key ID >> 4CFE5D00 >> > gpg: using PGP trust model >> > gpg: Good signature from "Aldrin Piri (Code Signing Key) < >> > ald...@apache.org>" [full] >> > gpg: binary signature, digest algorithm SHA512 >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 2s @ 20:05:04 $ >> > >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 2s @ 20:05:04 $ wget >> > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz >> > --2016-03-21 20:06:34-- >> > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz >> > Resolving dist.apache.org... 209.188.14.144 >> > Connecting to dist.apache.org|209.188.14.144|:443... connected. >> > HTTP request sent, awaiting response... 200 OK >> > Length: 441632655 (421M) [application/octet-stream] >> > Saving to: 'nifi-0.6.0-bin.tar.gz' >> > >> > nifi-0.6.0-bin.tar.gz >> > 100%[============================================================>] >> > 421.17M 10.3MB/s in 40s >> > >> > 2016-03-21 20:07:15 (10.4 MB/s) - 'nifi-0.6.0-bin.tar.gz' saved >> > [441632655/441632655] >> > >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 41s @ 20:07:16 $ wget >> > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz.asc >> > --2016-03-21 20:07:42-- >> > >> https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz.asc >> > Resolving dist.apache.org... 209.188.14.144 >> > Connecting to dist.apache.org|209.188.14.144|:443... connected. >> > HTTP request sent, awaiting response... 200 OK >> > Length: 801 [text/plain] >> > Saving to: 'nifi-0.6.0-bin.tar.gz.asc' >> > >> > nifi-0.6.0-bin.tar.gz.asc >> > 100%[============================================================>] >> > 801 --.-KB/s in 0s >> > >> > 2016-03-21 20:07:42 (13.2 MB/s) - 'nifi-0.6.0-bin.tar.gz.asc' saved >> > [801/801] >> > >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 0s @ 20:07:43 $ gpg --verify -v nifi-0.6.0-bin.tar.gz.asc >> > gpg: assuming signed data in 'nifi-0.6.0-bin.tar.gz' >> > gpg: Signature made Mon Mar 21 19:49:29 2016 PDT using RSA key ID >> 4CFE5D00 >> > gpg: using PGP trust model >> > gpg: Good signature from "Aldrin Piri (Code Signing Key) < >> > ald...@apache.org>" [full] >> > gpg: binary signature, digest algorithm SHA512 >> > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 >> > alopresto >> > 🔓 3s @ 20:07:55 $ >> > >> > Andy LoPresto >> > alopresto.apa...@gmail.com >> > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >> > >> > On Mar 21, 2016, at 7:28 PM, Aldrin Piri <aldrinp...@gmail.com> wrote: >> > >> > Hey Matt, >> > >> > Thanks for the heads up. Something is definitely awry. While verifying >> > seemingly checks out in my environment: >> > >> > $ gpg --verify nifi-0.6.0-source-release.zip.asc >> > >> > gpg: assuming signed data in `nifi-0.6.0-source-release.zip' >> > gpg: Signature made Mon Mar 21 14:38:50 2016 EDT using RSA key ID >> 4CFE5D00 >> > gpg: Good signature from "Aldrin Piri (Code Signing Key) < >> > ald...@apache.org>" >> > >> > >> > >> > I receive similar errors on another system I did not perform/verify the >> > release process on. For now, I ask that folks likely hold up until I >> can >> > resolve the issue and determine if it was a matter of publishing or the >> > entire build and another RC is needed. >> > >> > >> > On Mon, Mar 21, 2016 at 9:44 PM, Matt Burgess <mattyb...@gmail.com> >> wrote: >> > >> > I'm getting an error on Aldrin's signature during gpg --verify: >> > >> > gpg: BAD signature from "Aldrin Piri (Code Signing Key) < >> ald...@apache.org >> > >> > " >> > >> > [unknown] >> > >> > Is anyone else seeing this? >> > >> > Thanks, >> > Matt >> > >> > On Mon, Mar 21, 2016 at 4:37 PM, Aldrin Piri <aldrinp...@gmail.com> >> wrote: >> > >> > Hello, >> > >> > I am pleased to be calling this vote for the source release of Apache >> > >> > NiFi >> > >> > nifi-0.6.0. >> > >> > The source zip, including signatures, digests, etc. can be found at: >> > https://repository.apache.org/content/repositories/orgapachenifi-1077 >> > >> > The Git tag is NIFI-1634-RC1 >> > The Git commit hash is 736896246cf021dbed31d4eb1e22e0755e4705f0 >> > * >> > >> > >> > >> > >> https://git-wip-us.apache.org/repos/asf?p=nifi.git;a=commit;h=736896246cf021dbed31d4eb1e22e0755e4705f0 >> > >> > * >> > >> > >> > >> > >> https://github.com/apache/nifi/commit/736896246cf021dbed31d4eb1e22e0755e4705f0 >> > >> > >> > Checksums of nifi-0.6.0-source-release.zip: >> > MD5: 1559157db000d53221aeabc5dd607cfc >> > SHA1: feed12016d7f2d450fb1e3a238634757cc17b0f1 >> > >> > Release artifacts are signed with the following key: >> > *https://people.apache.org/keys/committer/aldrin.asc >> > <https://people.apache.org/keys/committer/aldrin.asc>* >> > >> > KEYS file available here: >> > https://dist.apache.org/repos/dist/release/nifi/KEYS >> > >> > 71 issues were closed/resolved for this release: >> > * >> > >> > >> > >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334372&styleName=Html&projectId=12316020 >> > >> > < >> > >> > >> > >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334372&styleName=Html&projectId=12316020 >> > >> > * >> > >> > >> > Release note highlights can be found here: >> > * >> > >> > >> > >> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.6.0 >> > >> > < >> > >> > >> > >> https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.6.0 >> > >> > * >> > >> > >> > The vote will be open for 72 hours. >> > Please download the release candidate and evaluate the necessary items >> > including checking hashes, signatures, build from source, and test. Then >> > please vote: >> > >> > [ ] +1 Release this package as nifi-0.6.0 >> > [ ] +0 no opinion >> > [ ] -1 Do not release this package because... >> > >> > Thanks! >> > >> > >> > >> > >> > >
