Hey all, Putting this in a separate thread as it’s not directly related to the vote.
When I ran rcverify.sh, I got an sha512 validation failure: validating sha512... failed (cd /var/folders/sg/7bdwwkc56kl74bgrw2gxhyf40000gn/T/tmp.4kf6mVM4 && gpg --print-md SHA512 'openwhisk-client-js-3.21.6-sources.tar.gz') However running it manually, I get the right hash as the one in https://dist.apache.org/repos/dist/dev/openwhisk/rc1/openwhisk-client-js-3.21.6-sources.tar.gz.sha512, so I voted +1 to release. The possible problem is that there’s a different whitespace formatting: https://dist.apache.org/repos/dist/dev/openwhisk/rc1/openwhisk-client-js-3.21.6-sources.tar.gz.sha512 is: openwhisk-client-js-3.21.6-sources.tar.gz: 4A56223D E7189F6F 7393DB08 ED58F128 639205D7 03CEA4EA A91BF3B5 73563C4E 342C9202 8CC66465 A02F4039 BF6B0636 54AF004C 9F05E45D 99626915 3BEF3C54 but gpg on my M1 Mac gives: openwhisk-client-js-3.21.6-sources.tar.gz: 4A56223D E7189F6F 7393DB08 ED58F128 639205D7 03CEA4EA A91BF3B5 73563C4E 342C9202 8CC66465 A02F4039 BF6B0636 54AF004C 9F05E45D 99626915 3BEF3C54 So I guess that rcverify.sh does a direct string comparison? The rcverify.sh’s script SHA1 that I used is: 7FC5 5DBE 1809 6D92 DEFF 0E31 D138 059B 8F27 20F7 My gpg --version is: gpg (GnuPG) 2.3.3 with libgcrypt 1.9.4 Regards, Rob > On 31 Dec 2021, at 05:53, OpenWhisk Release <stan...@apache.org> wrote: > > Hi, > > This is a call to vote on releasing version 3.21.6 release candidate rc1 of > the following project module with artifacts built from the Git repositories > and commit IDs listed below. > > * OpenWhisk Client Js: 1aba396e8a59afd5a90acb8157f2009746d7a714 > https://github.com/apache/openwhisk-client-js/commit/1aba396e8a59afd5a90acb8157f2009746d7a714 > https://dist.apache.org/repos/dist/dev/openwhisk/rc1/openwhisk-client-js-3.21.6-sources.tar.gz > https://dist.apache.org/repos/dist/dev/openwhisk/rc1/openwhisk-client-js-3.21.6-sources.tar.gz.asc > https://dist.apache.org/repos/dist/dev/openwhisk/rc1/openwhisk-client-js-3.21.6-sources.tar.gz.sha512 > > This release is comprised of source code distribution only. > > You can use this UNIX script to download the release and verify the checklist > below: > https://gitbox.apache.org/repos/asf?p=openwhisk-release.git;a=blob_plain;f=tools/rcverify.sh;hb=ba8a21f > > Usage: > curl -s > "https://gitbox.apache.org/repos/asf?p=openwhisk-release.git;a=blob_plain;f=tools/rcverify.sh;hb=ba8a21f"; > -o rcverify.sh > chmod +x rcverify.sh > ./rcverify.sh openwhisk-client-js 3.21.6 rc1 > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > Release verification checklist for reference: > [ ] Download links are valid. > [ ] Checksums and PGP signatures are valid. > [ ] Source code artifacts have correct names matching the current release. > [ ] LICENSE and NOTICE files are correct for each OpenWhisk repository. > [ ] All files have license headers as specified by OpenWhisk project policy > [1]. > [ ] No compiled archives bundled in source archive. > > This majority vote is open for at least 72 hours. > > > [1] > https://github.com/apache/openwhisk-release/blob/master/docs/license_compliance.md
