+1 (non-binding) -Ran full clean install on OS X (Catalina 10.15.2) -Tested secure NiFi with secure NiFi Registry -Ran basic flows successfully -Reviewed core UI and documentation fixes/updates
In setting up my secure NiFi and secure NiFi registry, I used the NiFi TLS Toolkit [1] to create my config files and certs. I was able to access the UIs of both apps using Safari but not able to with Chrome due to a NET::ERR_CERT_REVOKED error which I had never seen before. Turns out this is a known issue on Catalina [2]. MacOSX 10.15 requires certs to be valid for 825 days or less and a minimum 2048 bit key. By default, the TLS Toolkit sets the validity to 1095 days and the number of bits for generated keys to 2048. Creating new certs with the required 825 validity solved the issue. I will add a note to the Toolkit Guide for this new requirement [3]. Drew [1] https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#tls_toolkit <https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#tls_toolkit> [2] https://support.apple.com/en-us/HT210176 <https://support.apple.com/en-us/HT210176> [3] https://issues.apache.org/jira/browse/NIFI-7053 <https://issues.apache.org/jira/browse/NIFI-7053> > On Jan 19, 2020, at 3:21 PM, Joe Witt <[email protected]> wrote: > > Hello, > > I am pleased to be calling this vote for the source release of Apache NiFi > nifi-1.11.0. > > The source zip, including signatures, digests, etc. can be found at: > https://repository.apache.org/content/repositories/orgapachenifi-1155 > > The source being voted upon and the convenience binaries can be found at: > https://dist.apache.org/repos/dist/dev/nifi/nifi-1.11.0/ > > A helpful reminder on how the release candidate verification process works: > https://cwiki.apache.org/confluence/display/NIFI/How+to+help+verify+an+Apache+NiFi+release+candidate > > The Git tag is nifi-1.11.0-RC3 > The Git commit ID is 633408bce7ad34dad727ed9c4edfd36a224f3f12 > https://gitbox.apache.org/repos/asf?p=nifi.git;a=commit;h=633408bce7ad34dad727ed9c4edfd36a224f3f12 > > Checksums of nifi-1.11.0-source-release.zip: > SHA256: 0e2d77265fc7cedfbdb9588df1dd7f456fd18b6288d65eb5e21befe23af7c567 > SHA512: > 4880fa3482b3e8d8eed439848fe0a6596826d7ad46425a91b0dd4a4bcd178259327380b24045b7991dbdf8449abdfdda145786b6863eb603f6cef3b9e0ae8ec1 > > Release artifacts are signed with the following key: > https://people.apache.org/keys/committer/joewitt.asc > > KEYS file available here: > https://dist.apache.org/repos/dist/release/nifi/KEYS > > 129 issues were closed/resolved for this release: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020&version=12346451 > > Release note highlights can be found here: > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.11.0 > > The vote will be open for 72 hours. > Please download the release candidate and evaluate the necessary items > including checking hashes, signatures, build > from source, and test. Then please vote: > > [ ] +1 Release this package as nifi-1.11.0 > [ ] +0 no opinion > [ ] -1 Do not release this package because...
