out of curiosity - what gpg version do you have? i'm on: $ gpg --version gpg (GnuPG) 1.4.16
is that ancient or something? i'd be curious if anyone else has this problem. it's also semi-concerning that this doesn't work because we'd want to the verification to behave right with the instructions we have here: http://tinkerpop.apache.org/downloads.html wonder if that's a problem too? On Wed, Apr 4, 2018 at 4:54 PM, Daniel Kuppitz <m...@gremlin.guru> wrote: > Either this or I might have a newer gpg version which changed the output > slightly. We already ignore the suffix for Ted and Jason, so I guess we > should just use the same pattern for everyone. I can CTR this change into > all main branches; it's just that: > > -[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature from > "Stephen Mallette <spmalle...@apache.org>"$'` -eq 1 ] || \ > -[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature from > "Marko Rodriguez <ok...@apache.org>"$'` -eq 1 ] || \ > +[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature from > "Stephen Mallette <spmalle...@apache.org>"'` -eq 1 ] || \ > +[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature from > "Marko Rodriguez <ok...@apache.org>"'` -eq 1 ] || \ > > Cheers, > Daniel > > > On Wed, Apr 4, 2018 at 1:49 PM, Stephen Mallette <spmalle...@gmail.com> > wrote: > > > I haven't changed anything - i wonder why this is suddenly an issue. I > > guess it worked for me locally because i was the person who signed it? > > > > On Wed, Apr 4, 2018 at 4:47 PM, Daniel Kuppitz <m...@gremlin.guru> wrote: > > > > > gpg: Signature made Tue 03 Apr 2018 12:53:16 PM MST > > > gpg: using RSA key EA53A99854EAB0E6 > > > gpg: Good signature from "Stephen Mallette <spmalle...@apache.org>" > > > [unknown] > > > gpg: WARNING: This key is not certified with a trusted signature! > > > gpg: There is no indication that the signature belongs to the > > > owner. > > > Primary key fingerprint: 0871 A360 AAB5 FD42 2516 E2FB EA53 A998 54EA > > B0E6 > > > > > > The [unkown] suffix is what breaks the check. > > > > > > If you haven't changed anything in the way you're signing the > artifacts, > > we > > > can probably just ignore the suffix. > > > > > > > > > > > > On Wed, Apr 4, 2018 at 1:39 PM, Daniel Kuppitz <m...@gremlin.guru> > wrote: > > > > > > > The PGP signature check fails for me. > > > > > > > > daniel@cube /projects/apache/tinkerpop (tp33) $ > > > > bin/validate-distribution.sh 3.3.2 > > > > > > > > Validating binary distributions > > > > > > > > * downloading Apache TinkerPop Gremlin (apache-tinkerpop-gremlin- > > > console-3.3.2-bin.zip)... > > > > OK > > > > * validating signatures and checksums ... > > > > * PGP signature ... failed > > > > > > > > daniel@cube /projects/apache/tinkerpop (tp33) $ pushd /tmp > > > > /tmp /projects/apache/tinkerpop > > > > daniel@cube /tmp $ wget https://dist.apache.org/repos/ > > > > dist/dev/tinkerpop/KEYS > > > > --2018-04-04 13:36:03-- https://dist.apache.org/repos/ > > > > dist/dev/tinkerpop/KEYS > > > > Resolving dist.apache.org (dist.apache.org)... 209.188.14.144 > > > > Connecting to dist.apache.org (dist.apache.org)|209.188.14. > 144|:443... > > > > connected. > > > > HTTP request sent, awaiting response... 200 OK > > > > Length: 13788 (13K) [text/plain] > > > > Saving to: ‘KEYS’ > > > > > > > > KEYS > > > > 100%[====================================================== > > > > ==========================================================>] 13.46K > > > > --.-KB/s in 0s > > > > > > > > 2018-04-04 13:36:03 (98.0 MB/s) - ‘KEYS’ saved [13788/13788] > > > > > > > > daniel@cube /tmp $ gpg --import KEYS > > > > gpg: key 59028A48CB97E87B: "Marko Rodriguez <ok...@apache.org>" not > > > > changed > > > > gpg: key EA53A99854EAB0E6: "Stephen Mallette <spmalle...@apache.org > >" > > > not > > > > changed > > > > gpg: key A39CC3ADAEAEF36E: "Theodore Ratte Wilmes (CODE SIGNING KEY) > < > > > > twil...@apache.org>" not changed > > > > gpg: key 66B85FF141802BA8: "Jason Plurad (CODE SIGNING KEY) < > > > > plur...@apache.org>" not changed > > > > gpg: Total number processed: 4 > > > > gpg: unchanged: 4 > > > > daniel@cube /tmp $ popd > > > > /projects/apache/tinkerpop > > > > daniel@cube /projects/apache/tinkerpop (tp33) $ > > > > bin/validate-distribution.sh 3.3.2 > > > > > > > > Validating binary distributions > > > > > > > > * downloading Apache TinkerPop Gremlin (apache-tinkerpop-gremlin- > > > console-3.3.2-bin.zip)... > > > > OK > > > > * validating signatures and checksums ... > > > > * PGP signature ... failed > > > > > > > > > > > > > > > > Cheers, > > > > Daniel > > > > > > > > > > > > On Tue, Apr 3, 2018 at 2:05 PM, Stephen Mallette < > spmalle...@gmail.com > > > > > > > wrote: > > > > > > > >> Hello, > > > >> > > > >> We are happy to announce that TinkerPop 3.3.2 is ready for release. > > > >> > > > >> The release artifacts can be found at this location: > > > >> https://dist.apache.org/repos/dist/dev/tinkerpop/3.3.2/ > > > >> > > > >> The source distribution is provided by: > > > >> apache-tinkerpop-3.3.2-src.zip > > > >> > > > >> Two binary distributions are provided for user convenience: > > > >> apache-tinkerpop-gremlin-console-3.3.2-bin.zip > > > >> apache-tinkerpop-gremlin-server-3.3.2-bin.zip > > > >> > > > >> The GPG key used to sign the release artifacts is available at: > > > >> https://dist.apache.org/repos/dist/dev/tinkerpop/KEYS > > > >> > > > >> The online docs can be found here: > > > >> http://tinkerpop.apache.org/docs/3.3.2/ (user docs) > > > >> http://tinkerpop.apache.org/docs/3.3.2/upgrade/ (upgrade > > docs) > > > >> http://tinkerpop.apache.org/javadocs/3.3.2/core/ (core > > javadoc) > > > >> http://tinkerpop.apache.org/javadocs/3.3.2/full/ (full > > javadoc) > > > >> > > > >> The tag in Apache Git can be found here: > > > >> > > > >> https://git-wip-us.apache.org/repos/asf?p=tinkerpop.git;a=ta > > > >> g;h=5938d84a350e048357e3b40f335a0ed161180cc3 > > > >> > > > >> The release notes are available here (i linked to the branch - > github > > > >> hasn't sync'd the tag yet for some reason - not sure what the delay > is > > > >> with > > > >> Apache infra): > > > >> > > > >> https://github.com/apache/tinkerpop/blob/tp33/CHANGELOG.asci > > > >> idoc#release-3-3-2 > > > >> > > > >> The [VOTE] will be open for the next 72 hours --- closing Friday, > > April > > > 6, > > > >> 2018 at 5:00pm EST. > > > >> > > > >> My vote is +1. > > > >> > > > >> Thank you very much, > > > >> Stephen > > > >> > > > > > > > > > > > > > >
