hadoop-mapreduce-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Lambertus <...@apache.org>
Subject Re: [Urgent] Question about Nexus repo and Hadoop release
Date Tue, 22 Jan 2019 01:18:24 GMT
It looks like there are timeouts from some of the keyservers. I’ve trimmed the list again
to only servers known to be working (ubuntu and sks-keyservers.net <http://sks-keyservers.net/>).
Can you give it a try again?

Brian, there are also a number of timeout errors related to central, but I think they are
unrelated.

com.sonatype.central.secure.nexus.plugin.internal.AuthtokenFetcherImpl - Failed to fetch authtoken:
org.apache.http.conn.ConnectTimeoutException: Connect to secure.central.sonatype.com:443 [secure.central.sonatype.com/207.223.241.90]
failed: connect timed out

-Chris


> On Jan 21, 2019, at 2:39 PM, Brian Fox <brianf@infinity.nu> wrote:
> 
> They keys file is irrelevant to Nexus. The only thing that matters is it’s in the mit
pgp key ring.
> 
> --Brian (mobile)
> 
> 
> On Jan 21, 2019, at 3:34 PM, Wangda Tan <wheeleast@gmail.com <mailto:wheeleast@gmail.com>>
wrote:
> 
>> I just checked on KEYS file, it doesn't show sig part. I updated KEYS file on Apache
https://dist.apache.org/repos/dist/release/hadoop/common/KEYS <https://dist.apache.org/repos/dist/release/hadoop/common/KEYS>
and made it be ultimately trusted. 
>> 
>> pub   rsa4096 2018-03-20 [SC]
>>       4C899853CDDA4E40C60212B5B3FA653D57300D45
>> uid           [ultimate] Wangda tan <wangda@apache.org <mailto:wangda@apache.org>>
>> sig 3        B3FA653D57300D45 2018-03-20  Wangda tan <wangda@apache.org <mailto:wangda@apache.org>>
>> sub   rsa4096 2018-03-20 [E]
>> sig          B3FA653D57300D45 2018-03-20  Wangda tan <wangda@apache.org <mailto:wangda@apache.org>>
>> But the error still remains same while closing repo, not sure how to get it resolved
..
>> 
>> 
>> On Mon, Jan 21, 2019 at 9:14 AM Wangda Tan <wheeleast@gmail.com <mailto:wheeleast@gmail.com>>
wrote:
>> Hi David,
>> 
>> Thanks for helping check this, 
>> 
>> I can see signatures on my key: 
>> 
>> pub  4096R/57300D45 <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45>
2018-03-20            
>> 	 Fingerprint=4C89 9853 CDDA 4E40 C602  12B5 B3FA 653D 5730 0D45 
>> 
>> uid Wangda tan <wangda@apache.org <mailto:wangda@apache.org>>
>> sig  sig3  57300D45 <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45>
2018-03-20 __________ __________ [selfsig] <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45>
>> sig  sig   C36C5F0F <http://pool.sks-keyservers.net:11371/key/0x255ADF56C36C5F0F>
2018-04-05 __________ __________ Vinod Kumar Vavilapalli (I am also known as @tshooter.) <vinodkv@apache.org>
<http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x255ADF56C36C5F0F>
>> sig  sig   F9CBBD4C <http://pool.sks-keyservers.net:11371/key/0x29ED86E6F9CBBD4C>
2018-11-08 __________ __________ shikong <wudimenghuan@gmail.com> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x29ED86E6F9CBBD4C>
>> 
>> sub  4096R/D0C16F12 2018-03-20            
>> sig sbind  57300D45 <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45>
2018-03-20 __________ __________ [] <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45>
>> And gpg --edit-key also shows: 
>> 
>> gpg --edit-key 4C899853CDDA4E40C60212B5B3FA653D57300D45
>> gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc.
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.
>> 
>> Secret key is available.
>> 
>> sec  rsa4096/B3FA653D57300D45
>>      created: 2018-03-20  expires: never       usage: SC
>>      trust: unknown       validity: unknown
>> ssb  rsa4096/79CD893FD0C16F12
>>      created: 2018-03-20  expires: never       usage: E
>> [ unknown] (1). Wangda tan <wangda@apache.org <mailto:wangda@apache.org>>
>> 
>> Thanks,
>> Wangda
>> 
>> On Mon, Jan 21, 2019 at 9:08 AM David Nalley <david@gnsa.us <mailto:david@gnsa.us>>
wrote:
>> I wonder if it's because there are no signatures on your key.
>> 
>> --David
>> 
>> On Mon, Jan 21, 2019 at 11:57 AM Wangda Tan <wheeleast@gmail.com <mailto:wheeleast@gmail.com>>
wrote:
>> >
>> > Hi Brian,
>> >
>> > Here're links to my key:
>> >
>> > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45 <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45>
>> >
>> > http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45 <http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45>
>> >
>> > On Apache SVN: https://dist.apache.org/repos/dist/release/hadoop/common/KEYS
<https://dist.apache.org/repos/dist/release/hadoop/common/KEYS>
>> >
>> > Thanks,
>> > Wangda
>> >
>> > On Mon, Jan 21, 2019 at 6:51 AM Brian Demers <brian.demers@gmail.com <mailto:brian.demers@gmail.com>>
wrote:
>> >>
>> >> Can you share the link to your key?
>> >>
>> >> -Brian
>> >>
>> >> On Jan 20, 2019, at 11:21 PM, Wangda Tan <wheeleast@gmail.com <mailto:wheeleast@gmail.com>>
wrote:
>> >>
>> >> Still couldn't figure out without locating the log on the Nexus machine.
With help from several committers and PMCs, we didn't see anything wrong with my signing key.
>> >>
>> >> I don't want to delay 3.1.2 more because of this. Is it allowed for me to
publish artifacts (like tarball, source package, etc.) only and somebody else to push Maven
bits to Nexus. I believe Apache bylaw should allow that because there're several releases
have more than one release managers. If it is not allowed, please take over the RM role if
you have the bandwidth, I think most works have been done except close the Nexus repo.
>> >>
>> >> Thanks,
>> >> Wangda
>> >>
>> >> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan <wheeleast@gmail.com <mailto:wheeleast@gmail.com>>
wrote:
>> >>>
>> >>> Spent several more hours trying to figure out the issue, still no luck.
>> >>>
>> >>> I just filed https://issues.sonatype.org/browse/OSSRH-45646 <https://issues.sonatype.org/browse/OSSRH-45646>,
really appreciate if anybody could add some suggestions.
>> >>>
>> >>> Thanks,
>> >>> Wangda
>> >>>
>> >>> On Tue, Jan 15, 2019 at 9:48 AM Wangda Tan <wheeleast@gmail.com <mailto:wheeleast@gmail.com>>
wrote:
>> >>>>
>> >>>> It seems the problem still exists for me:
>> >>>>
>> >>>> Now the error message only contains:
>> >>>>
>> >>>> failureMessage  Failed to validate the pgp signature of '/org/apache/hadoop/hadoop-client-check-invariants/3.1.2/hadoop-client-check-invariants-3.1.2.pom',
check the logs.
>> >>>> failureMessage  Failed to validate the pgp signature of '/org/apache/hadoop/hadoop-resourceestimator/3.1.2/hadoop-resourceestimator-3.1.2-javadoc.jar',
check the logs.
>> >>>>
>> >>>> If anybody has access the Nexus node, could you please help to check
what is the failure message?
>> >>>>
>> >>>> Thanks,
>> >>>> Wangda
>> >>>>
>> >>>>
>> >>>> On Tue, Jan 15, 2019 at 9:56 AM Brian Fox <brianf@infinity.nu
<mailto:brianf@infinity.nu>> wrote:
>> >>>>>
>> >>>>> Good to know. The pool has occasionally had sync issues, but
we're talking 3 times in the last 8-9 years.
>> >>>>>
>> >>>>> On Tue, Jan 15, 2019 at 10:39 AM Elek, Marton <elek@apache.org
<mailto:elek@apache.org>> wrote:
>> >>>>>>
>> >>>>>> My key was pushed to the server with pgp about 1 year ago,
and it worked
>> >>>>>> well with the last Ratis release. So it should be synced
between the key
>> >>>>>> servers.
>> >>>>>>
>> >>>>>> But it seems that the INFRA solved the problem with shuffling
the key
>> >>>>>> server order (or it was an intermittent issue): see INFRA-17649
>> >>>>>>
>> >>>>>> Seems to be working now...
>> >>>>>>
>> >>>>>> Marton
>> >>>>>>
>> >>>>>>
>> >>>>>> On 1/15/19 5:19 AM, Wangda Tan wrote:
>> >>>>>> > HI Brain,
>> >>>>>> > Thanks for responding, could u share how to push to
keys to Apache pgp pool?
>> >>>>>> >
>> >>>>>> > Best,
>> >>>>>> > Wangda
>> >>>>>> >
>> >>>>>> > On Mon, Jan 14, 2019 at 10:44 AM Brian Fox <brianf@infinity.nu
<mailto:brianf@infinity.nu>> wrote:
>> >>>>>> >
>> >>>>>> >> Did you push your key up to the pgp pool? That's
what Nexus is validating
>> >>>>>> >> against. It might take time to propagate if you
just pushed it.
>> >>>>>> >>
>> >>>>>> >> On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton <elek@apache.org
<mailto:elek@apache.org>> wrote:
>> >>>>>> >>
>> >>>>>> >>> Seems to be an INFRA issue for me:
>> >>>>>> >>>
>> >>>>>> >>> 1. I downloaded a sample jar file [1] + the
signature from the
>> >>>>>> >>> repository and it was ok, locally I verified
it.
>> >>>>>> >>>
>> >>>>>> >>> 2. I tested it with an other Apache project
(Ratis) and my key. I got
>> >>>>>> >>> the same problem even if it worked at last
year during the 0.3.0
>> >>>>>> >>> release. (I used exactly the same command)
>> >>>>>> >>>
>> >>>>>> >>> I opened an infra ticket to check the logs
of the Nexus as it was
>> >>>>>> >>> suggested in the error message:
>> >>>>>> >>>
>> >>>>>> >>> https://issues.apache.org/jira/browse/INFRA-17649
<https://issues.apache.org/jira/browse/INFRA-17649>
>> >>>>>> >>>
>> >>>>>> >>> Marton
>> >>>>>> >>>
>> >>>>>> >>>
>> >>>>>> >>> [1]:
>> >>>>>> >>>
>> >>>>>> >>> https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar
<https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar>
>> >>>>>> >>>
>> >>>>>> >>>
>> >>>>>> >>> On 1/13/19 6:27 AM, Wangda Tan wrote:
>> >>>>>> >>>> Uploaded sample file and signature.
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:18 PM Wangda
Tan <wheeleast@gmail.com <mailto:wheeleast@gmail.com>
>> >>>>>> >>>> <mailto:wheeleast@gmail.com <mailto:wheeleast@gmail.com>>>
wrote:
>> >>>>>> >>>>
>> >>>>>> >>>>     Actually, among the hundreds of failed
messages, the "No public key"
>> >>>>>> >>>>     issues still occurred several times:
>> >>>>>> >>>>
>> >>>>>> >>>>         failureMessage  No public key:
Key with id: (b3fa653d57300d45)
>> >>>>>> >>>>         was not able to be located on http://gpg-keyserver.de/
<http://gpg-keyserver.de/>. Upload
>> >>>>>> >>>>         your public key and try the operation
again.
>> >>>>>> >>>>         failureMessage  No public key:
Key with id: (b3fa653d57300d45)
>> >>>>>> >>>>         was not able to be located on
>> >>>>>> >>>>         http://pool.sks-keyservers.net:11371
<http://pool.sks-keyservers.net:11371/>. Upload your public key
>> >>>>>> >>> and
>> >>>>>> >>>>         try the operation again.
>> >>>>>> >>>>         failureMessage  No public key:
Key with id: (b3fa653d57300d45)
>> >>>>>> >>>>         was not able to be located on http://pgp.mit.edu:11371
<http://pgp.mit.edu:11371/>. Upload
>> >>>>>> >>>>         your public key and try the operation
again.
>> >>>>>> >>>>
>> >>>>>> >>>>     Once the close operation returned,
I will upload sample files which
>> >>>>>> >>>>     may help troubleshoot the issue.
>> >>>>>> >>>>
>> >>>>>> >>>>     Thanks,
>> >>>>>> >>>>
>> >>>>>> >>>>     On Sat, Jan 12, 2019 at 9:04 PM Wangda
Tan <wheeleast@gmail.com <mailto:wheeleast@gmail.com>
>> >>>>>> >>>>     <mailto:wheeleast@gmail.com <mailto:wheeleast@gmail.com>>>
wrote:
>> >>>>>> >>>>
>> >>>>>> >>>>         Thanks David for the quick response!
>> >>>>>> >>>>
>> >>>>>> >>>>         I just retried, now the "No public
key" issue is gone. However,
>> >>>>>> >>>>         the issue:
>> >>>>>> >>>>
>> >>>>>> >>>>             failureMessage  Failed to validate
the pgp signature of
>> >>>>>> >>>>
>> >>>>>> >>>  '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-tests.jar',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>             failureMessage  Failed to validate
the pgp signature of
>> >>>>>> >>>>
>> >>>>>> >>>  '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-test-sources.jar',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>             failureMessage  Failed to validate
the pgp signature of
>> >>>>>> >>>>
>> >>>>>> >>>  '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2.pom',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>>         Still exists and repeated hundreds
of times. Do you know how to
>> >>>>>> >>>>         access the logs mentioned by above
log?
>> >>>>>> >>>>
>> >>>>>> >>>>         Best,
>> >>>>>> >>>>         Wangda
>> >>>>>> >>>>
>> >>>>>> >>>>         On Sat, Jan 12, 2019 at 8:37 PM
David Nalley <david@gnsa.us <mailto:david@gnsa.us>
>> >>>>>> >>>>         <mailto:david@gnsa.us <mailto:david@gnsa.us>>>
wrote:
>> >>>>>> >>>>
>> >>>>>> >>>>             On Sat, Jan 12, 2019 at 9:09
PM Wangda Tan
>> >>>>>> >>>>             <wheeleast@gmail.com <mailto:wheeleast@gmail.com>
<mailto:wheeleast@gmail.com <mailto:wheeleast@gmail.com>>> wrote:
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > Hi Devs,
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > I'm currently rolling
Hadoop 3.1.2 release candidate,
>> >>>>>> >>>>             however, I saw an issue when
I try to close repo in Nexus.
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > Logs of
>> >>>>>> >>> https://repository.apache.org/#stagingRepositories
<https://repository.apache.org/#stagingRepositories>
>> >>>>>> >>>>             (orgapachehadoop-1183) shows
hundreds of lines of the
>> >>>>>> >>>>             following error:
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > failureMessage  No public
key: Key with id:
>> >>>>>> >>>>             (b3fa653d57300d45) was not
able to be located on
>> >>>>>> >>>>             http://gpg-keyserver.de/ <http://gpg-keyserver.de/>.
Upload your public key and try
>> >>>>>> >>> the
>> >>>>>> >>>>             operation again.
>> >>>>>> >>>>             > failureMessage  No public
key: Key with id:
>> >>>>>> >>>>             (b3fa653d57300d45) was not
able to be located on
>> >>>>>> >>>>             http://pool.sks-keyservers.net:11371
<http://pool.sks-keyservers.net:11371/>. Upload your public
>> >>>>>> >>> key
>> >>>>>> >>>>             and try the operation again.
>> >>>>>> >>>>             > failureMessage  No public
key: Key with id:
>> >>>>>> >>>>             (b3fa653d57300d45) was not
able to be located on
>> >>>>>> >>>>             http://pgp.mit.edu:11371 <http://pgp.mit.edu:11371/>.
Upload your public key and try
>> >>>>>> >>> the
>> >>>>>> >>>>             operation again.
>> >>>>>> >>>>             > ...
>> >>>>>> >>>>             > failureMessage  Failed
to validate the pgp signature of
>> >>>>>> >>>>
>> >>>>>> >>>  '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-tests.jar',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>             > failureMessage  Failed
to validate the pgp signature of
>> >>>>>> >>>>
>> >>>>>> >>>  '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-test-sources.jar',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>             > failureMessage  Failed
to validate the pgp signature of
>> >>>>>> >>>>
>> >>>>>> >>>  '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-sources.jar',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>             >
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > This is the same key I
used before (and finished two
>> >>>>>> >>>>             releases), the same environment
I used before.
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > I have tried more than
10 times in the last two days, no
>> >>>>>> >>>>             luck. And closing the repo
takes almost one hour (Regular
>> >>>>>> >>>>             time is less than 1 min) and
always fail at the last.
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > I used following commands
to validate key exists on key
>> >>>>>> >>>>             servers
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > gpg --keyserver pgp.mit.edu
<http://pgp.mit.edu/> <http://pgp.mit.edu <http://pgp.mit.edu/>>
>> >>>>>> >>>>             --recv-keys 57300D45
>> >>>>>> >>>>             > gpg: WARNING: unsafe permissions
on homedir
>> >>>>>> >>>>             '/Users/wtan/.gnupg'
>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
1 signature not checked due to
>> >>>>>> >>>>             a missing key
>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
"Wangda tan <wangda@apache.org <mailto:wangda@apache.org>
>> >>>>>> >>>>             <mailto:wangda@apache.org
<mailto:wangda@apache.org>>>" not changed
>> >>>>>> >>>>             > gpg: Total number processed:
1
>> >>>>>> >>>>             > gpg:              unchanged:
1
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > gpg --keyserver pool.sks-keyservers.net
<http://pool.sks-keyservers.net/>
>> >>>>>> >>>>             <http://pool.sks-keyservers.net
<http://pool.sks-keyservers.net/>> --recv-keys
>> >>>>>> >>> B3FA653D57300D45
>> >>>>>> >>>>             > gpg: WARNING: unsafe permissions
on homedir
>> >>>>>> >>>>             '/Users/wtan/.gnupg'
>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
1 signature not checked due to
>> >>>>>> >>>>             a missing key
>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
"Wangda tan <wangda@apache.org <mailto:wangda@apache.org>
>> >>>>>> >>>>             <mailto:wangda@apache.org
<mailto:wangda@apache.org>>>" not changed
>> >>>>>> >>>>             > gpg: Total number processed:
1
>> >>>>>> >>>>             > gpg:              unchanged:
1
>> >>>>>> >>>>             >
>> >>>>>> >>>>
>> >>>>>> >>>>             Both of these report that your
key was not found.
>> >>>>>> >>>>             I took the key from the KEYS
file and uploaded it to both of
>> >>>>>> >>>>             those servers.
>> >>>>>> >>>>
>> >>>>>> >>>>             You might try the release again
and see if this resolves the
>> >>>>>> >>>>             issue.
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>> ---------------------------------------------------------------------
>> >>>>>> >>>> To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
<mailto:hdfs-dev-unsubscribe@hadoop.apache.org>
>> >>>>>> >>>> For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org
<mailto:hdfs-dev-help@hadoop.apache.org>
>> >>>>>> >>>>
>> >>>>>> >>>
>> >>>>>> >>
>> >>>>>> >


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message