hadoop-yarn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wangda Tan <wheele...@gmail.com>
Subject Re: [Urgent] Question about Nexus repo and Hadoop release
Date Mon, 21 Jan 2019 20:34:04 GMT
I just checked on KEYS file, it doesn't show sig part. I updated KEYS file
on Apache https://dist.apache.org/repos/dist/release/hadoop/common/KEYS and
made it be ultimately trusted.

pub   rsa4096 2018-03-20 [SC]
      4C899853CDDA4E40C60212B5B3FA653D57300D45
uid           [ultimate] Wangda tan <wangda@apache.org>
sig 3        B3FA653D57300D45 2018-03-20  Wangda tan <wangda@apache.org>
sub   rsa4096 2018-03-20 [E]
sig          B3FA653D57300D45 2018-03-20  Wangda tan <wangda@apache.org>

But the error still remains same while closing repo, not sure how to
get it resolved ..



On Mon, Jan 21, 2019 at 9:14 AM Wangda Tan <wheeleast@gmail.com> wrote:

> Hi David,
>
> Thanks for helping check this,
>
> I can see signatures on my key:
>
> pub  4096R/57300D45 <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45>
2018-03-20
> 	 Fingerprint=4C89 9853 CDDA 4E40 C602  12B5 B3FA 653D 5730 0D45
> uid Wangda tan <wangda@apache.org>
> sig  sig3  57300D45 <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45>
2018-03-20 __________ __________ [selfsig] <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45>
> sig  sig   C36C5F0F <http://pool.sks-keyservers.net:11371/key/0x255ADF56C36C5F0F>
2018-04-05 __________ __________ Vinod Kumar Vavilapalli (I am also known as @tshooter.) <vinodkv@apache.org>
<http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x255ADF56C36C5F0F>
> sig  sig   F9CBBD4C <http://pool.sks-keyservers.net:11371/key/0x29ED86E6F9CBBD4C>
2018-11-08 __________ __________ shikong <wudimenghuan@gmail.com> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x29ED86E6F9CBBD4C>
> sub  4096R/D0C16F12 2018-03-20
> sig sbind  57300D45 <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45>
2018-03-20 __________ __________ [] <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45>
>
> And gpg --edit-key also shows:
>
> gpg --edit-key 4C899853CDDA4E40C60212B5B3FA653D57300D45
> gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Secret key is available.
>
> sec  rsa4096/B3FA653D57300D45
>      created: 2018-03-20  expires: never       usage: SC
>      trust: unknown       validity: unknown
> ssb  rsa4096/79CD893FD0C16F12
>      created: 2018-03-20  expires: never       usage: E
> [ unknown] (1). Wangda tan <wangda@apache.org>
>
> Thanks,
> Wangda
>
> On Mon, Jan 21, 2019 at 9:08 AM David Nalley <david@gnsa.us> wrote:
>
>> I wonder if it's because there are no signatures on your key.
>>
>> --David
>>
>> On Mon, Jan 21, 2019 at 11:57 AM Wangda Tan <wheeleast@gmail.com> wrote:
>> >
>> > Hi Brian,
>> >
>> > Here're links to my key:
>> >
>> > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45
>> >
>> > http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45
>> >
>> > On Apache SVN:
>> https://dist.apache.org/repos/dist/release/hadoop/common/KEYS
>> >
>> > Thanks,
>> > Wangda
>> >
>> > On Mon, Jan 21, 2019 at 6:51 AM Brian Demers <brian.demers@gmail.com>
>> wrote:
>> >>
>> >> Can you share the link to your key?
>> >>
>> >> -Brian
>> >>
>> >> On Jan 20, 2019, at 11:21 PM, Wangda Tan <wheeleast@gmail.com> wrote:
>> >>
>> >> Still couldn't figure out without locating the log on the Nexus
>> machine. With help from several committers and PMCs, we didn't see anything
>> wrong with my signing key.
>> >>
>> >> I don't want to delay 3.1.2 more because of this. Is it allowed for me
>> to publish artifacts (like tarball, source package, etc.) only and somebody
>> else to push Maven bits to Nexus. I believe Apache bylaw should allow that
>> because there're several releases have more than one release managers. If
>> it is not allowed, please take over the RM role if you have the bandwidth,
>> I think most works have been done except close the Nexus repo.
>> >>
>> >> Thanks,
>> >> Wangda
>> >>
>> >> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan <wheeleast@gmail.com>
>> wrote:
>> >>>
>> >>> Spent several more hours trying to figure out the issue, still no
>> luck.
>> >>>
>> >>> I just filed https://issues.sonatype.org/browse/OSSRH-45646, really
>> appreciate if anybody could add some suggestions.
>> >>>
>> >>> Thanks,
>> >>> Wangda
>> >>>
>> >>> On Tue, Jan 15, 2019 at 9:48 AM Wangda Tan <wheeleast@gmail.com>
>> wrote:
>> >>>>
>> >>>> It seems the problem still exists for me:
>> >>>>
>> >>>> Now the error message only contains:
>> >>>>
>> >>>> failureMessage  Failed to validate the pgp signature of
>> '/org/apache/hadoop/hadoop-client-check-invariants/3.1.2/hadoop-client-check-invariants-3.1.2.pom',
>> check the logs.
>> >>>> failureMessage  Failed to validate the pgp signature of
>> '/org/apache/hadoop/hadoop-resourceestimator/3.1.2/hadoop-resourceestimator-3.1.2-javadoc.jar',
>> check the logs.
>> >>>>
>> >>>> If anybody has access the Nexus node, could you please help to check
>> what is the failure message?
>> >>>>
>> >>>> Thanks,
>> >>>> Wangda
>> >>>>
>> >>>>
>> >>>> On Tue, Jan 15, 2019 at 9:56 AM Brian Fox <brianf@infinity.nu>
>> wrote:
>> >>>>>
>> >>>>> Good to know. The pool has occasionally had sync issues, but
we're
>> talking 3 times in the last 8-9 years.
>> >>>>>
>> >>>>> On Tue, Jan 15, 2019 at 10:39 AM Elek, Marton <elek@apache.org>
>> wrote:
>> >>>>>>
>> >>>>>> My key was pushed to the server with pgp about 1 year ago,
and it
>> worked
>> >>>>>> well with the last Ratis release. So it should be synced
between
>> the key
>> >>>>>> servers.
>> >>>>>>
>> >>>>>> But it seems that the INFRA solved the problem with shuffling
the
>> key
>> >>>>>> server order (or it was an intermittent issue): see INFRA-17649
>> >>>>>>
>> >>>>>> Seems to be working now...
>> >>>>>>
>> >>>>>> Marton
>> >>>>>>
>> >>>>>>
>> >>>>>> On 1/15/19 5:19 AM, Wangda Tan wrote:
>> >>>>>> > HI Brain,
>> >>>>>> > Thanks for responding, could u share how to push to
keys to
>> Apache pgp pool?
>> >>>>>> >
>> >>>>>> > Best,
>> >>>>>> > Wangda
>> >>>>>> >
>> >>>>>> > On Mon, Jan 14, 2019 at 10:44 AM Brian Fox <brianf@infinity.nu>
>> wrote:
>> >>>>>> >
>> >>>>>> >> Did you push your key up to the pgp pool? That's
what Nexus is
>> validating
>> >>>>>> >> against. It might take time to propagate if you
just pushed it.
>> >>>>>> >>
>> >>>>>> >> On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton <elek@apache.org>
>> wrote:
>> >>>>>> >>
>> >>>>>> >>> Seems to be an INFRA issue for me:
>> >>>>>> >>>
>> >>>>>> >>> 1. I downloaded a sample jar file [1] + the
signature from the
>> >>>>>> >>> repository and it was ok, locally I verified
it.
>> >>>>>> >>>
>> >>>>>> >>> 2. I tested it with an other Apache project
(Ratis) and my
>> key. I got
>> >>>>>> >>> the same problem even if it worked at last
year during the
>> 0.3.0
>> >>>>>> >>> release. (I used exactly the same command)
>> >>>>>> >>>
>> >>>>>> >>> I opened an infra ticket to check the logs
of the Nexus as it
>> was
>> >>>>>> >>> suggested in the error message:
>> >>>>>> >>>
>> >>>>>> >>> https://issues.apache.org/jira/browse/INFRA-17649
>> >>>>>> >>>
>> >>>>>> >>> Marton
>> >>>>>> >>>
>> >>>>>> >>>
>> >>>>>> >>> [1]:
>> >>>>>> >>>
>> >>>>>> >>>
>> https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar
>> >>>>>> >>>
>> >>>>>> >>>
>> >>>>>> >>> On 1/13/19 6:27 AM, Wangda Tan wrote:
>> >>>>>> >>>> Uploaded sample file and signature.
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:18 PM Wangda
Tan <
>> wheeleast@gmail.com
>> >>>>>> >>>> <mailto:wheeleast@gmail.com>>
wrote:
>> >>>>>> >>>>
>> >>>>>> >>>>     Actually, among the hundreds of failed
messages, the "No
>> public key"
>> >>>>>> >>>>     issues still occurred several times:
>> >>>>>> >>>>
>> >>>>>> >>>>         failureMessage  No public key:
Key with id:
>> (b3fa653d57300d45)
>> >>>>>> >>>>         was not able to be located on
>> http://gpg-keyserver.de/. Upload
>> >>>>>> >>>>         your public key and try the operation
again.
>> >>>>>> >>>>         failureMessage  No public key:
Key with id:
>> (b3fa653d57300d45)
>> >>>>>> >>>>         was not able to be located on
>> >>>>>> >>>>         http://pool.sks-keyservers.net:11371.
Upload your
>> public key
>> >>>>>> >>> and
>> >>>>>> >>>>         try the operation again.
>> >>>>>> >>>>         failureMessage  No public key:
Key with id:
>> (b3fa653d57300d45)
>> >>>>>> >>>>         was not able to be located on
>> http://pgp.mit.edu:11371. Upload
>> >>>>>> >>>>         your public key and try the operation
again.
>> >>>>>> >>>>
>> >>>>>> >>>>     Once the close operation returned,
I will upload sample
>> files which
>> >>>>>> >>>>     may help troubleshoot the issue.
>> >>>>>> >>>>
>> >>>>>> >>>>     Thanks,
>> >>>>>> >>>>
>> >>>>>> >>>>     On Sat, Jan 12, 2019 at 9:04 PM Wangda
Tan <
>> wheeleast@gmail.com
>> >>>>>> >>>>     <mailto:wheeleast@gmail.com>>
wrote:
>> >>>>>> >>>>
>> >>>>>> >>>>         Thanks David for the quick response!
>> >>>>>> >>>>
>> >>>>>> >>>>         I just retried, now the "No public
key" issue is
>> gone. However,
>> >>>>>> >>>>         the issue:
>> >>>>>> >>>>
>> >>>>>> >>>>             failureMessage  Failed to validate
the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-tests.jar',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>             failureMessage  Failed to validate
the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-test-sources.jar',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>             failureMessage  Failed to validate
the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2.pom',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>>         Still exists and repeated hundreds
of times. Do you
>> know how to
>> >>>>>> >>>>         access the logs mentioned by above
log?
>> >>>>>> >>>>
>> >>>>>> >>>>         Best,
>> >>>>>> >>>>         Wangda
>> >>>>>> >>>>
>> >>>>>> >>>>         On Sat, Jan 12, 2019 at 8:37 PM
David Nalley <
>> david@gnsa.us
>> >>>>>> >>>>         <mailto:david@gnsa.us>>
wrote:
>> >>>>>> >>>>
>> >>>>>> >>>>             On Sat, Jan 12, 2019 at 9:09
PM Wangda Tan
>> >>>>>> >>>>             <wheeleast@gmail.com <mailto:wheeleast@gmail.com>>
>> wrote:
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > Hi Devs,
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > I'm currently rolling
Hadoop 3.1.2 release
>> candidate,
>> >>>>>> >>>>             however, I saw an issue when
I try to close repo
>> in Nexus.
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > Logs of
>> >>>>>> >>> https://repository.apache.org/#stagingRepositories
>> >>>>>> >>>>             (orgapachehadoop-1183) shows
hundreds of lines of
>> the
>> >>>>>> >>>>             following error:
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > failureMessage  No public
key: Key with id:
>> >>>>>> >>>>             (b3fa653d57300d45) was not
able to be located on
>> >>>>>> >>>>             http://gpg-keyserver.de/. Upload
your public key
>> and try
>> >>>>>> >>> the
>> >>>>>> >>>>             operation again.
>> >>>>>> >>>>             > failureMessage  No public
key: Key with id:
>> >>>>>> >>>>             (b3fa653d57300d45) was not
able to be located on
>> >>>>>> >>>>             http://pool.sks-keyservers.net:11371.
Upload
>> your public
>> >>>>>> >>> key
>> >>>>>> >>>>             and try the operation again.
>> >>>>>> >>>>             > failureMessage  No public
key: Key with id:
>> >>>>>> >>>>             (b3fa653d57300d45) was not
able to be located on
>> >>>>>> >>>>             http://pgp.mit.edu:11371. Upload
your public key
>> and try
>> >>>>>> >>> the
>> >>>>>> >>>>             operation again.
>> >>>>>> >>>>             > ...
>> >>>>>> >>>>             > failureMessage  Failed
to validate the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-tests.jar',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>             > failureMessage  Failed
to validate the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-test-sources.jar',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>             > failureMessage  Failed
to validate the pgp
>> signature of
>> >>>>>> >>>>
>> >>>>>> >>>
>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-sources.jar',
>> >>>>>> >>>>             check the logs.
>> >>>>>> >>>>             >
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > This is the same key I
used before (and
>> finished two
>> >>>>>> >>>>             releases), the same environment
I used before.
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > I have tried more than
10 times in the last two
>> days, no
>> >>>>>> >>>>             luck. And closing the repo
takes almost one hour
>> (Regular
>> >>>>>> >>>>             time is less than 1 min) and
always fail at the
>> last.
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > I used following commands
to validate key
>> exists on key
>> >>>>>> >>>>             servers
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > gpg --keyserver pgp.mit.edu
<http://pgp.mit.edu
>> >
>> >>>>>> >>>>             --recv-keys 57300D45
>> >>>>>> >>>>             > gpg: WARNING: unsafe permissions
on homedir
>> >>>>>> >>>>             '/Users/wtan/.gnupg'
>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
1 signature not
>> checked due to
>> >>>>>> >>>>             a missing key
>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
"Wangda tan <
>> wangda@apache.org
>> >>>>>> >>>>             <mailto:wangda@apache.org>>"
not changed
>> >>>>>> >>>>             > gpg: Total number processed:
1
>> >>>>>> >>>>             > gpg:              unchanged:
1
>> >>>>>> >>>>             >
>> >>>>>> >>>>             > gpg --keyserver pool.sks-keyservers.net
>> >>>>>> >>>>             <http://pool.sks-keyservers.net>
--recv-keys
>> >>>>>> >>> B3FA653D57300D45
>> >>>>>> >>>>             > gpg: WARNING: unsafe permissions
on homedir
>> >>>>>> >>>>             '/Users/wtan/.gnupg'
>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
1 signature not
>> checked due to
>> >>>>>> >>>>             a missing key
>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
"Wangda tan <
>> wangda@apache.org
>> >>>>>> >>>>             <mailto:wangda@apache.org>>"
not changed
>> >>>>>> >>>>             > gpg: Total number processed:
1
>> >>>>>> >>>>             > gpg:              unchanged:
1
>> >>>>>> >>>>             >
>> >>>>>> >>>>
>> >>>>>> >>>>             Both of these report that your
key was not found.
>> >>>>>> >>>>             I took the key from the KEYS
file and uploaded it
>> to both of
>> >>>>>> >>>>             those servers.
>> >>>>>> >>>>
>> >>>>>> >>>>             You might try the release again
and see if this
>> resolves the
>> >>>>>> >>>>             issue.
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>>
>> >>>>>> >>>>
>> ---------------------------------------------------------------------
>> >>>>>> >>>> To unsubscribe, e-mail:
>> hdfs-dev-unsubscribe@hadoop.apache.org
>> >>>>>> >>>> For additional commands, e-mail:
>> hdfs-dev-help@hadoop.apache.org
>> >>>>>> >>>>
>> >>>>>> >>>
>> >>>>>> >>
>> >>>>>> >
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message