[ https://issues.apache.org/jira/browse/SPARK-30728?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dongjoon Hyun resolved SPARK-30728. ----------------------------------- Resolution: Invalid Hi, [~khalidnajm]. JIRA is not for Q&A. You had better ask questions to dev mailing list. {code} # gpg --verify spark-2.4.4-bin-hadoop2.7.tgz.asc gpg: assuming signed data in 'spark-2.4.4-bin-hadoop2.7.tgz' gpg: Signature made Tue Aug 27 21:30:32 2019 UTC gpg: using RSA key EDA00CE834F0FC5C gpg: Good signature from "Dongjoon Hyun (CODE SIGNING KEY) <dongj...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F28C 9C92 5C18 8C35 E345 614D EDA0 0CE8 34F0 FC5C {code} > Bad signature for Spark 2.4.4 > ----------------------------- > > Key: SPARK-30728 > URL: https://issues.apache.org/jira/browse/SPARK-30728 > Project: Spark > Issue Type: Bug > Components: Windows > Affects Versions: 2.4.4 > Environment: Windows 10 Pro 1809 > OS Build: 17763.973 > gpg (GnuPG) 2.2.19 libgcrypt 1.8.5 > Reporter: Khalid Najm > Priority: Minor > > I downloaded the signatures files from the Apache Spark download page: > * spark-2.4.4-bin-hadoop2.7.tgz.asc > * spark-2.4.4-bin-hadoop2.7.tgz.sha512 > * KEYS > I ran the following commands: > gpg --import KEYS > gpg --verify spark-2.4.4-bin-hadoop2.7.tgz.asc > spark-2.4.4-bin-hadoop2.7.tgz.sha512 > For the KEYS command, I got: > {\{gpg: key 7B165D2A15E06093: "Andrew Or <andrewo...@gmail.com>" not changed > gpg: key 6B32946082667DC1: "Xiangrui Meng (CODE SIGNING KEY) > <m...@apache.org>" not changed gpg: key B1A91F0000799F7E: "Patrick Wendell > <pwend...@gmail.com>" not changed gpg: key 7C6C105FFC8ED089: "Patrick Wendell > <pwend...@gmail.com>" not changed gpg: key 5D951CFF87FD1A97: "Tathagata Das > (CODE SIGNING KEY) <t...@apache.org>" not changed gpg: key 548F5FEE9E4FE3AF: > "Patrick Wendell <pwend...@gmail.com>" not changed gpg: key A70A1B29E90ADC5D: > 1 signature not checked due to a missing key gpg: key A70A1B29E90ADC5D: > "Holden Karau (CODE SIGNING KEY) <hol...@apache.org>" not changed gpg: key > B6C8B66085040118: "Felix Cheung (CODE SIGNING KEY) <felixche...@apache.org>" > not changed gpg: key DCE4BFD807461E96: "Sameer Agarwal (CODE SIGNING KEY) > <samee...@apache.org>" not changed gpg: key FD8FFD4C3A0D5564: 3 signatures > not checked due to missing keys gpg: key FD8FFD4C3A0D5564: "Marcelo M. Vanzin > <van...@apache.org>" not changed gpg: key DE4FBCCD81E6C76A: "Thomas Graves > (CODE SIGNING KEY) <tgra...@apache.org>" not changed gpg: key > DB0B21A012973FD0: "Saisai Shao (CODE SIGNING KEY) <js...@apache.org>" not > changed gpg: key 6BAC72894F4FDC8A: "Wenchen Fan (CODE SIGNING KEY) > <wenc...@apache.org>" not changed gpg: key EDA00CE834F0FC5C: "Dongjoon Hyun > (CODE SIGNING KEY) <dongj...@apache.org>" not changed gpg: key > 6EC5F1052DF08FF4: "Takeshi Yamamuro (CODE SIGNING KEY) <yamam...@apache.org>" > not changed gpg: key 42E5B25A8F7A82C1: "DB Tsai <dbt...@dbtsai.com>" not > changed gpg: key 96F72F76830C0D1B: "Xiao Li (CODE SIGNING KEY) > <lix...@apache.org>" not changed gpg: key E49A046C7F0FEF75: "Kazuaki Ishizaki > (CODE SIGNING KEY) <ki...@apache.org>" not changed gpg: key E1B7E0F25E4BF56B: > "Xingbo Jiang (CODE SIGNING KEY) <jiangxb1...@apache.org>" not changed gpg: > key 6E1B4122F6A3A338: "Yuming Wang <yumw...@apache.org>" not changed gpg: > Total number processed: 20 gpg: unchanged: 20}} > For the verification, I got: > {{gpg: Signature made 08/27/19 22:30:32 GMT Daylight Time gpg: using RSA key > EDA00CE834F0FC5C gpg: BAD signature from "Dongjoon Hyun (CODE SIGNING KEY) > <dongj...@apache.org>" [unknown]}} > I have two questions: > * why did this happen? I downloaded and installed Spark from one mirror and > then the other, and still got the error. Also, the three files are the same > in either case, so how does it tell which signature works? > * I assume that when you get a bad signature error, that you should > reinstall from another mirror. Is this true? > * What is the signature verification doing? > -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org