David, From an earlier email:
..... 2) Can we please be consistent on how we produce the sha512 files? 8.0.6 file looks like this: 3e8fcaf50362169808f1dd09bcf844c642c2251a3a725c58100066500aa482d4c23a3c027c52178dc6a92b648f75b53106a9efdffc6e39918c7fa2e86c058bf7 8.0.8 looks like: 5a54e24400211f6ef6e48415713996fd5e89da1d5ad29f0e12202b685821245a9d600b4f0ad30539a479a8a8129fad9f7cfb2f3c8232178c42a39e2b9a84a5dd apache-tomee-8.0.8-plume.tar.gz 9.0 follows the 8.0.6 convention. If pushed, I would prefer the 8.0.8 convention. It matches how Tomcat does it. However, I can make either work. Thanks, Rod. On 9/16/21, 1:31 PM, "David Blevins" <[email protected]> wrote: > On Sep 16, 2021, at 1:10 PM, Jenkins, Rodney J (Rod) <[email protected]> wrote: > > David, > > WOW, you’re a genius!! > > This worked well and makes the Docerfiles clean. For the record, I dislike awk. What you had is exactly I would have done it if I understood gpg better. Stackoverflow to the rescue :) I knew fingerprints are usually some kind of sha of the public key, so I figured there had to be a way to calculate it and went looking. > Now, if we can get consistent on the sha512 files, lol. What's the challenge there? Are we missing them on occasion? -David > On 9/16/21, 11:55 AM, "David Blevins" <[email protected]> wrote: > >> On Sep 16, 2021, at 11:03 AM, Jenkins, Rodney J (Rod) <[email protected]> wrote: >> >> Hello David, >> >> Thank you for the response..... I think I understand the issue...... >> >> The script parses the KEYS file as such: >> for key in `curl -fsSL 'https://www.apache.org/dist/tomee/KEYS' | awk -F ' = ' '$1 ~ /^ +Key fingerprint$/ { gsub(" ", "", $2); print $2 }' | sort -u`; do \ >> >> The key you used that starts with 626C does not have the line "Key fingerprint = 626C..." >> >> Your output gave me the fingerprint I needed I added it to the Dockerfile manually and it was found in the key servers. Jean-Louis is in a similar boat. His finger print is there it is missing " Key fingerprint =" in front of it. > > Thanks for the explanation and pointer, Rod! > > I dug and found the loop in question. Looks like there's a way to get gpg to list the keys in a file without importing them and give us more consistent output to parse. > > $ cat KEYS | gpg --with-colons --import-options show-only --import > > I never learned awk, but here's a way to parse it: > > for key in $(curl -fsSL 'https://www.apache.org/dist/tomee/KEYS' |cat KEYS | gpg --with-colons --import-options show-only --import | grep '^fpr' | cut -d : -f 10 ); do > # do the stuff > done > > You could probably cook up something fancier with your awk skills :) > > > -David > >
