They keys file is irrelevant to Nexus. The only thing that matters is it’s in the mit pgp key ring.
--Brian (mobile) > On Jan 21, 2019, at 3:34 PM, Wangda Tan <wheele...@gmail.com> wrote: > > I just checked on KEYS file, it doesn't show sig part. I updated KEYS file on > Apache https://dist.apache.org/repos/dist/release/hadoop/common/KEYS and made > it be ultimately trusted. > > pub rsa4096 2018-03-20 [SC] > 4C899853CDDA4E40C60212B5B3FA653D57300D45 > uid [ultimate] Wangda tan <wan...@apache.org> > sig 3 B3FA653D57300D45 2018-03-20 Wangda tan <wan...@apache.org> > sub rsa4096 2018-03-20 [E] > sig B3FA653D57300D45 2018-03-20 Wangda tan <wan...@apache.org> > But the error still remains same while closing repo, not sure how to get it > resolved .. > > >> On Mon, Jan 21, 2019 at 9:14 AM Wangda Tan <wheele...@gmail.com> wrote: >> Hi David, >> >> Thanks for helping check this, >> >> I can see signatures on my key: >> >> pub 4096R/57300D45 2018-03-20 >> Fingerprint=4C89 9853 CDDA 4E40 C602 12B5 B3FA 653D 5730 0D45 >> >> uid Wangda tan <wan...@apache.org> >> sig sig3 57300D45 2018-03-20 __________ __________ [selfsig] >> sig sig C36C5F0F 2018-04-05 __________ __________ Vinod Kumar Vavilapalli >> (I am also known as @tshooter.) <vino...@apache.org> >> sig sig F9CBBD4C 2018-11-08 __________ __________ shikong >> <wudimengh...@gmail.com> >> >> sub 4096R/D0C16F12 2018-03-20 >> sig sbind 57300D45 2018-03-20 __________ __________ [] >> And gpg --edit-key also shows: >> >> gpg --edit-key 4C899853CDDA4E40C60212B5B3FA653D57300D45 >> gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc. >> This is free software: you are free to change and redistribute it. >> There is NO WARRANTY, to the extent permitted by law. >> >> Secret key is available. >> >> sec rsa4096/B3FA653D57300D45 >> created: 2018-03-20 expires: never usage: SC >> trust: unknown validity: unknown >> ssb rsa4096/79CD893FD0C16F12 >> created: 2018-03-20 expires: never usage: E >> [ unknown] (1). Wangda tan <wan...@apache.org> >> >> Thanks, >> Wangda >> >>> On Mon, Jan 21, 2019 at 9:08 AM David Nalley <da...@gnsa.us> wrote: >>> I wonder if it's because there are no signatures on your key. >>> >>> --David >>> >>> On Mon, Jan 21, 2019 at 11:57 AM Wangda Tan <wheele...@gmail.com> wrote: >>> > >>> > Hi Brian, >>> > >>> > Here're links to my key: >>> > >>> > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45 >>> > >>> > http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45 >>> > >>> > On Apache SVN: >>> > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS >>> > >>> > Thanks, >>> > Wangda >>> > >>> > On Mon, Jan 21, 2019 at 6:51 AM Brian Demers <brian.dem...@gmail.com> >>> > wrote: >>> >> >>> >> Can you share the link to your key? >>> >> >>> >> -Brian >>> >> >>> >> On Jan 20, 2019, at 11:21 PM, Wangda Tan <wheele...@gmail.com> wrote: >>> >> >>> >> Still couldn't figure out without locating the log on the Nexus machine. >>> >> With help from several committers and PMCs, we didn't see anything wrong >>> >> with my signing key. >>> >> >>> >> I don't want to delay 3.1.2 more because of this. Is it allowed for me >>> >> to publish artifacts (like tarball, source package, etc.) only and >>> >> somebody else to push Maven bits to Nexus. I believe Apache bylaw should >>> >> allow that because there're several releases have more than one release >>> >> managers. If it is not allowed, please take over the RM role if you have >>> >> the bandwidth, I think most works have been done except close the Nexus >>> >> repo. >>> >> >>> >> Thanks, >>> >> Wangda >>> >> >>> >> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan <wheele...@gmail.com> wrote: >>> >>> >>> >>> Spent several more hours trying to figure out the issue, still no luck. >>> >>> >>> >>> I just filed https://issues.sonatype.org/browse/OSSRH-45646, really >>> >>> appreciate if anybody could add some suggestions. >>> >>> >>> >>> Thanks, >>> >>> Wangda >>> >>> >>> >>> On Tue, Jan 15, 2019 at 9:48 AM Wangda Tan <wheele...@gmail.com> wrote: >>> >>>> >>> >>>> It seems the problem still exists for me: >>> >>>> >>> >>>> Now the error message only contains: >>> >>>> >>> >>>> failureMessage Failed to validate the pgp signature of >>> >>>> '/org/apache/hadoop/hadoop-client-check-invariants/3.1.2/hadoop-client-check-invariants-3.1.2.pom', >>> >>>> check the logs. >>> >>>> failureMessage Failed to validate the pgp signature of >>> >>>> '/org/apache/hadoop/hadoop-resourceestimator/3.1.2/hadoop-resourceestimator-3.1.2-javadoc.jar', >>> >>>> check the logs. >>> >>>> >>> >>>> If anybody has access the Nexus node, could you please help to check >>> >>>> what is the failure message? >>> >>>> >>> >>>> Thanks, >>> >>>> Wangda >>> >>>> >>> >>>> >>> >>>> On Tue, Jan 15, 2019 at 9:56 AM Brian Fox <bri...@infinity.nu> wrote: >>> >>>>> >>> >>>>> Good to know. The pool has occasionally had sync issues, but we're >>> >>>>> talking 3 times in the last 8-9 years. >>> >>>>> >>> >>>>> On Tue, Jan 15, 2019 at 10:39 AM Elek, Marton <e...@apache.org> wrote: >>> >>>>>> >>> >>>>>> My key was pushed to the server with pgp about 1 year ago, and it >>> >>>>>> worked >>> >>>>>> well with the last Ratis release. So it should be synced between the >>> >>>>>> key >>> >>>>>> servers. >>> >>>>>> >>> >>>>>> But it seems that the INFRA solved the problem with shuffling the key >>> >>>>>> server order (or it was an intermittent issue): see INFRA-17649 >>> >>>>>> >>> >>>>>> Seems to be working now... >>> >>>>>> >>> >>>>>> Marton >>> >>>>>> >>> >>>>>> >>> >>>>>> On 1/15/19 5:19 AM, Wangda Tan wrote: >>> >>>>>> > HI Brain, >>> >>>>>> > Thanks for responding, could u share how to push to keys to Apache >>> >>>>>> > pgp pool? >>> >>>>>> > >>> >>>>>> > Best, >>> >>>>>> > Wangda >>> >>>>>> > >>> >>>>>> > On Mon, Jan 14, 2019 at 10:44 AM Brian Fox <bri...@infinity.nu> >>> >>>>>> > wrote: >>> >>>>>> > >>> >>>>>> >> Did you push your key up to the pgp pool? That's what Nexus is >>> >>>>>> >> validating >>> >>>>>> >> against. It might take time to propagate if you just pushed it. >>> >>>>>> >> >>> >>>>>> >> On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton <e...@apache.org> >>> >>>>>> >> wrote: >>> >>>>>> >> >>> >>>>>> >>> Seems to be an INFRA issue for me: >>> >>>>>> >>> >>> >>>>>> >>> 1. I downloaded a sample jar file [1] + the signature from the >>> >>>>>> >>> repository and it was ok, locally I verified it. >>> >>>>>> >>> >>> >>>>>> >>> 2. I tested it with an other Apache project (Ratis) and my key. >>> >>>>>> >>> I got >>> >>>>>> >>> the same problem even if it worked at last year during the 0.3.0 >>> >>>>>> >>> release. (I used exactly the same command) >>> >>>>>> >>> >>> >>>>>> >>> I opened an infra ticket to check the logs of the Nexus as it was >>> >>>>>> >>> suggested in the error message: >>> >>>>>> >>> >>> >>>>>> >>> https://issues.apache.org/jira/browse/INFRA-17649 >>> >>>>>> >>> >>> >>>>>> >>> Marton >>> >>>>>> >>> >>> >>>>>> >>> >>> >>>>>> >>> [1]: >>> >>>>>> >>> >>> >>>>>> >>> https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar >>> >>>>>> >>> >>> >>>>>> >>> >>> >>>>>> >>> On 1/13/19 6:27 AM, Wangda Tan wrote: >>> >>>>>> >>>> Uploaded sample file and signature. >>> >>>>>> >>>> >>> >>>>>> >>>> >>> >>>>>> >>>> >>> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:18 PM Wangda Tan <wheele...@gmail.com >>> >>>>>> >>>> <mailto:wheele...@gmail.com>> wrote: >>> >>>>>> >>>> >>> >>>>>> >>>> Actually, among the hundreds of failed messages, the "No >>> >>>>>> >>>> public key" >>> >>>>>> >>>> issues still occurred several times: >>> >>>>>> >>>> >>> >>>>>> >>>> failureMessage No public key: Key with id: >>> >>>>>> >>>> (b3fa653d57300d45) >>> >>>>>> >>>> was not able to be located on http://gpg-keyserver.de/. >>> >>>>>> >>>> Upload >>> >>>>>> >>>> your public key and try the operation again. >>> >>>>>> >>>> failureMessage No public key: Key with id: >>> >>>>>> >>>> (b3fa653d57300d45) >>> >>>>>> >>>> was not able to be located on >>> >>>>>> >>>> http://pool.sks-keyservers.net:11371. Upload your >>> >>>>>> >>>> public key >>> >>>>>> >>> and >>> >>>>>> >>>> try the operation again. >>> >>>>>> >>>> failureMessage No public key: Key with id: >>> >>>>>> >>>> (b3fa653d57300d45) >>> >>>>>> >>>> was not able to be located on http://pgp.mit.edu:11371. >>> >>>>>> >>>> Upload >>> >>>>>> >>>> your public key and try the operation again. >>> >>>>>> >>>> >>> >>>>>> >>>> Once the close operation returned, I will upload sample >>> >>>>>> >>>> files which >>> >>>>>> >>>> may help troubleshoot the issue. >>> >>>>>> >>>> >>> >>>>>> >>>> Thanks, >>> >>>>>> >>>> >>> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:04 PM Wangda Tan >>> >>>>>> >>>> <wheele...@gmail.com >>> >>>>>> >>>> <mailto:wheele...@gmail.com>> wrote: >>> >>>>>> >>>> >>> >>>>>> >>>> Thanks David for the quick response! >>> >>>>>> >>>> >>> >>>>>> >>>> I just retried, now the "No public key" issue is gone. >>> >>>>>> >>>> However, >>> >>>>>> >>>> the issue: >>> >>>>>> >>>> >>> >>>>>> >>>> failureMessage Failed to validate the pgp >>> >>>>>> >>>> signature of >>> >>>>>> >>>> >>> >>>>>> >>> >>> >>>>>> >>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-tests.jar', >>> >>>>>> >>>> check the logs. >>> >>>>>> >>>> failureMessage Failed to validate the pgp >>> >>>>>> >>>> signature of >>> >>>>>> >>>> >>> >>>>>> >>> >>> >>>>>> >>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-test-sources.jar', >>> >>>>>> >>>> check the logs. >>> >>>>>> >>>> failureMessage Failed to validate the pgp >>> >>>>>> >>>> signature of >>> >>>>>> >>>> >>> >>>>>> >>> >>> >>>>>> >>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2.pom', >>> >>>>>> >>>> check the logs. >>> >>>>>> >>>> >>> >>>>>> >>>> >>> >>>>>> >>>> Still exists and repeated hundreds of times. Do you >>> >>>>>> >>>> know how to >>> >>>>>> >>>> access the logs mentioned by above log? >>> >>>>>> >>>> >>> >>>>>> >>>> Best, >>> >>>>>> >>>> Wangda >>> >>>>>> >>>> >>> >>>>>> >>>> On Sat, Jan 12, 2019 at 8:37 PM David Nalley >>> >>>>>> >>>> <da...@gnsa.us >>> >>>>>> >>>> <mailto:da...@gnsa.us>> wrote: >>> >>>>>> >>>> >>> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:09 PM Wangda Tan >>> >>>>>> >>>> <wheele...@gmail.com <mailto:wheele...@gmail.com>> >>> >>>>>> >>>> wrote: >>> >>>>>> >>>> > >>> >>>>>> >>>> > Hi Devs, >>> >>>>>> >>>> > >>> >>>>>> >>>> > I'm currently rolling Hadoop 3.1.2 release >>> >>>>>> >>>> candidate, >>> >>>>>> >>>> however, I saw an issue when I try to close repo in >>> >>>>>> >>>> Nexus. >>> >>>>>> >>>> > >>> >>>>>> >>>> > Logs of >>> >>>>>> >>> https://repository.apache.org/#stagingRepositories >>> >>>>>> >>>> (orgapachehadoop-1183) shows hundreds of lines of >>> >>>>>> >>>> the >>> >>>>>> >>>> following error: >>> >>>>>> >>>> > >>> >>>>>> >>>> > failureMessage No public key: Key with id: >>> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on >>> >>>>>> >>>> http://gpg-keyserver.de/. Upload your public key >>> >>>>>> >>>> and try >>> >>>>>> >>> the >>> >>>>>> >>>> operation again. >>> >>>>>> >>>> > failureMessage No public key: Key with id: >>> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on >>> >>>>>> >>>> http://pool.sks-keyservers.net:11371. Upload your >>> >>>>>> >>>> public >>> >>>>>> >>> key >>> >>>>>> >>>> and try the operation again. >>> >>>>>> >>>> > failureMessage No public key: Key with id: >>> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on >>> >>>>>> >>>> http://pgp.mit.edu:11371. Upload your public key >>> >>>>>> >>>> and try >>> >>>>>> >>> the >>> >>>>>> >>>> operation again. >>> >>>>>> >>>> > ... >>> >>>>>> >>>> > failureMessage Failed to validate the pgp >>> >>>>>> >>>> signature of >>> >>>>>> >>>> >>> >>>>>> >>> >>> >>>>>> >>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-tests.jar', >>> >>>>>> >>>> check the logs. >>> >>>>>> >>>> > failureMessage Failed to validate the pgp >>> >>>>>> >>>> signature of >>> >>>>>> >>>> >>> >>>>>> >>> >>> >>>>>> >>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-test-sources.jar', >>> >>>>>> >>>> check the logs. >>> >>>>>> >>>> > failureMessage Failed to validate the pgp >>> >>>>>> >>>> signature of >>> >>>>>> >>>> >>> >>>>>> >>> >>> >>>>>> >>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-sources.jar', >>> >>>>>> >>>> check the logs. >>> >>>>>> >>>> > >>> >>>>>> >>>> > >>> >>>>>> >>>> > This is the same key I used before (and finished >>> >>>>>> >>>> two >>> >>>>>> >>>> releases), the same environment I used before. >>> >>>>>> >>>> > >>> >>>>>> >>>> > I have tried more than 10 times in the last two >>> >>>>>> >>>> days, no >>> >>>>>> >>>> luck. And closing the repo takes almost one hour >>> >>>>>> >>>> (Regular >>> >>>>>> >>>> time is less than 1 min) and always fail at the >>> >>>>>> >>>> last. >>> >>>>>> >>>> > >>> >>>>>> >>>> > I used following commands to validate key exists >>> >>>>>> >>>> on key >>> >>>>>> >>>> servers >>> >>>>>> >>>> > >>> >>>>>> >>>> > gpg --keyserver pgp.mit.edu <http://pgp.mit.edu> >>> >>>>>> >>>> --recv-keys 57300D45 >>> >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir >>> >>>>>> >>>> '/Users/wtan/.gnupg' >>> >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not >>> >>>>>> >>>> checked due to >>> >>>>>> >>>> a missing key >>> >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan >>> >>>>>> >>>> <wan...@apache.org >>> >>>>>> >>>> <mailto:wan...@apache.org>>" not changed >>> >>>>>> >>>> > gpg: Total number processed: 1 >>> >>>>>> >>>> > gpg: unchanged: 1 >>> >>>>>> >>>> > >>> >>>>>> >>>> > gpg --keyserver pool.sks-keyservers.net >>> >>>>>> >>>> <http://pool.sks-keyservers.net> --recv-keys >>> >>>>>> >>> B3FA653D57300D45 >>> >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir >>> >>>>>> >>>> '/Users/wtan/.gnupg' >>> >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not >>> >>>>>> >>>> checked due to >>> >>>>>> >>>> a missing key >>> >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan >>> >>>>>> >>>> <wan...@apache.org >>> >>>>>> >>>> <mailto:wan...@apache.org>>" not changed >>> >>>>>> >>>> > gpg: Total number processed: 1 >>> >>>>>> >>>> > gpg: unchanged: 1 >>> >>>>>> >>>> > >>> >>>>>> >>>> >>> >>>>>> >>>> Both of these report that your key was not found. >>> >>>>>> >>>> I took the key from the KEYS file and uploaded it >>> >>>>>> >>>> to both of >>> >>>>>> >>>> those servers. >>> >>>>>> >>>> >>> >>>>>> >>>> You might try the release again and see if this >>> >>>>>> >>>> resolves the >>> >>>>>> >>>> issue. >>> >>>>>> >>>> >>> >>>>>> >>>> >>> >>>>>> >>>> >>> >>>>>> >>>> --------------------------------------------------------------------- >>> >>>>>> >>>> To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org >>> >>>>>> >>>> For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org >>> >>>>>> >>>> >>> >>>>>> >>> >>> >>>>>> >> >>> >>>>>> >