+1 (binding) I downloaded all of the artifacts, verified the GPG signature (nice job using SHA256 for the underlying hash, Joe), verified all checksums, built successfully (all tests and contrib-check passed on OS X 10.11.6 with Java 1.8.0_101-b13 and Maven 3.3.9), ran the default instance and created a flow which generated, encrypted, decrypted, and logged flowfiles (exercising the new default text feature of GenerateFlowFile [NIFI-2912] and the visual back pressure indicators [NIFI-766]). I then exported the flow as a template and re-imported, and it worked fine.
I then stopped the application, and used the TLS toolkit to generate a certificate for the server application and client certificates for multiple users. I copied the keystore, truststore, and nifi.properties to the correct location and ran the encrypt-config tool to encrypt nifi.properties with master key. I updated the conf/authorizers.xml with the IAI value and started the application. I loaded client certificates into OS keychain and separate browser keychain. OpenSSL s_client connections and Chrome connections worked successfully (after the client certificates had manually been granted trust in Keychain Access and had an Identity Preference for the hostname associated with them -- I manually map a custom domain to localhost in my /etc/hosts to allow multiple certificates to be associated with the same instance of the application). Firefox does not seem to successfully negotiate the TLS handshake using the P12 client certificates (even though the full cert chain is present, it hangs after ServerHelloDone). The correctly-authorized user can add, modify/configure, and remove restricted processors in the flow [NIFI-3050]. The limited user cannot. The Add Processor dialog correctly shows the restricted processors with special icons and allows searching/tag filtering for them. The processors are shown with the special icon on the flow canvas as well. Stopped the application and migrated the nifi.sensitive.props.key value from empty (using the hard-coded default value internally) to a new value using the encrypt-config tool [NIFI-3024]. Restarted application and verified it worked; manually verified the flow.xml.gz contents differed only in the sensitive value cipher texts. Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Nov 28, 2016, at 1:14 PM, Joe Witt <[email protected]> wrote: > > regarding the commit hash I meant to indicate that was the has the RC > was initiated off of. I should have used the one that the tag was > made off of to be more consistent. My apologies for the confusion. > > Thanks > Joe > > On Mon, Nov 28, 2016 at 3:48 PM, Bryan Rosander <[email protected]> wrote: >> +1 (non-binding) >> >> * Signature, hashes are good >> * Full contrib-check build with empty .m2 works on macOS, Windows 10 >> * tls-toolkit secured 3-node cluster comes up fine, can set permissions, >> create, start flow after changing relevant paths to 1.1.0 [1] >> >> Can confirm readme issues seen by Jeff and Joe Skora. This seems to come >> from the nifi-assembly README.md which is currently the same in rc tag as >> in master [2]. >> >> Can confirm that commit hash is 5536f690a81418955442d52687695f65f0a44cd0 as >> reported by Jeff and not f61e42c65e1c2387591ee368c2148cd5bda646bd [3]. >> >> [1] >> https://blog.rosander.ninja/nifi/toolkit/tls/2016/09/20/tls-toolkit-standalone-multi.html >> [2] >> https://github.com/apache/nifi/blob/master/nifi-assembly/README.md#requirements >> [3] https://github.com/apache/nifi/commits/nifi-1.1.0-RC2 >> >> On Mon, Nov 28, 2016 at 1:33 PM, Joe Skora <[email protected]> wrote: >> >>> +1 (non-binding) but there are README issues >>> >>> * Signature and hashes checkout >>> * Source builds and tests (Ubuntu 14.04.5 LTS) >>> * LICENSE and NOTICE look correct (without a detailed analysis) >>> * README is incorrect [1] >>> * binaries run as expected >>> >>> [1] the built README lists requirements of "JDK 1.7 or higher" but this >>> should be "JDK 1.8 or higher" which was committed to master on 8/8/2016. >>> >>> On Mon, Nov 28, 2016 at 5:33 PM, Matt Burgess <[email protected]> >>> wrote: >>> >>>> +1 (binding) Release this package as nifi-1.1.0 >>>> >>>> On Sat, Nov 26, 2016 at 1:11 AM, Joe Witt <[email protected]> wrote: >>>>> Hello Apache NiFi Community, >>>>> >>>>> I am pleased to be calling this vote for the source release of Apache >>>> NiFi, >>>>> nifi-1.1.0. >>>>> >>>>> The source release zip and convenience binaries, including signatures >>>>> and digests can be found at: >>>>> https://dist.apache.org/repos/dist/dev/nifi/1.0.0-rc2/ >>>>> >>>>> The Git tag is nifi-1.1.0-RC2 >>>>> The Git commit hash is f61e42c65e1c2387591ee368c2148cd5bda646bd >>>>> * https://git-wip-us.apache.org/repos/asf?p=nifi.git;a=commit;h= >>>> f61e42c65e1c2387591ee368c2148cd5bda646bd >>>>> * https://github.com/apache/nifi/commit/f61e42c65e1c2387591ee368c2148c >>>> d5bda646bd >>>>> >>>>> Checksums of nifi-1.1.0-source-release.zip: >>>>> MD5: 371fb856d9c3947603239ea98f171f6f >>>>> SHA1: 532c2e14e915dfa522254745bbc068aa6620babb >>>>> SHA256: dd1d0569f209fd7f179b85a50fe4bf81b3d850c79b13d32cad88982a8234 >>> a719 >>>>> >>>>> Release artifacts are signed with the following key: >>>>> https://people.apache.org/keys/committer/joewitt >>>>> >>>>> KEYS file available here: >>>>> https://dist.apache.org/repos/dist/release/nifi/KEYS >>>>> >>>>> 268 issues were closed/resolved for this release: >>>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa? >>>> projectId=12316020&version=12337875 >>>>> >>>>> >>>>> Release note highlights can be found here: >>>>> https://cwiki.apache.org/confluence/display/NIFI/ >>>> Release+Notes#ReleaseNotes-Version1.1.0 >>>>> >>>>> The vote will be open for 72 hours. >>>>> Please download the release candidate and evaluate the necessary items >>>>> including checking hashes, signatures, build from source, and test. >>> Then >>>>> please vote: >>>>> >>>>> [ ] +1 Release this package as nifi-1.1.0 >>>>> [ ] +0 no opinion >>>>> [ ] -1 Do not release this package because... >>>>> >>>>> Thanks! >>>> >>>
signature.asc
Description: Message signed with OpenPGP using GPGMail
