hadoop-yarn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Fox <bri...@infinity.nu>
Subject Re: [Urgent] Question about Nexus repo and Hadoop release
Date Mon, 21 Jan 2019 22:39:59 GMT
They keys file is irrelevant to Nexus. The only thing that matters is it’s in the mit pgp
key ring.

--Brian (mobile)


> On Jan 21, 2019, at 3:34 PM, Wangda Tan <wheeleast@gmail.com> wrote:
> 
> I just checked on KEYS file, it doesn't show sig part. I updated KEYS file on Apache
https://dist.apache.org/repos/dist/release/hadoop/common/KEYS and made it be ultimately trusted.

> 
> pub   rsa4096 2018-03-20 [SC]
>       4C899853CDDA4E40C60212B5B3FA653D57300D45
> uid           [ultimate] Wangda tan <wangda@apache.org>
> sig 3        B3FA653D57300D45 2018-03-20  Wangda tan <wangda@apache.org>
> sub   rsa4096 2018-03-20 [E]
> sig          B3FA653D57300D45 2018-03-20  Wangda tan <wangda@apache.org>
> But the error still remains same while closing repo, not sure how to get it resolved
..
> 
> 
>> On Mon, Jan 21, 2019 at 9:14 AM Wangda Tan <wheeleast@gmail.com> wrote:
>> Hi David,
>> 
>> Thanks for helping check this, 
>> 
>> I can see signatures on my key: 
>> 
>> pub  4096R/57300D45 2018-03-20            
>> 	 Fingerprint=4C89 9853 CDDA 4E40 C602  12B5 B3FA 653D 5730 0D45 
>> 
>> uid Wangda tan <wangda@apache.org>
>> sig  sig3  57300D45 2018-03-20 __________ __________ [selfsig]
>> sig  sig   C36C5F0F 2018-04-05 __________ __________ Vinod Kumar Vavilapalli (I am
also known as @tshooter.) <vinodkv@apache.org>
>> sig  sig   F9CBBD4C 2018-11-08 __________ __________ shikong <wudimenghuan@gmail.com>
>> 
>> sub  4096R/D0C16F12 2018-03-20            
>> sig sbind  57300D45 2018-03-20 __________ __________ []
>> And gpg --edit-key also shows: 
>> 
>> gpg --edit-key 4C899853CDDA4E40C60212B5B3FA653D57300D45
>> gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc.
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.
>> 
>> Secret key is available.
>> 
>> sec  rsa4096/B3FA653D57300D45
>>      created: 2018-03-20  expires: never       usage: SC
>>      trust: unknown       validity: unknown
>> ssb  rsa4096/79CD893FD0C16F12
>>      created: 2018-03-20  expires: never       usage: E
>> [ unknown] (1). Wangda tan <wangda@apache.org>
>> 
>> Thanks,
>> Wangda
>> 
>>> On Mon, Jan 21, 2019 at 9:08 AM David Nalley <david@gnsa.us> wrote:
>>> I wonder if it's because there are no signatures on your key.
>>> 
>>> --David
>>> 
>>> On Mon, Jan 21, 2019 at 11:57 AM Wangda Tan <wheeleast@gmail.com> wrote:
>>> >
>>> > Hi Brian,
>>> >
>>> > Here're links to my key:
>>> >
>>> > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45
>>> >
>>> > http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45
>>> >
>>> > On Apache SVN: https://dist.apache.org/repos/dist/release/hadoop/common/KEYS
>>> >
>>> > Thanks,
>>> > Wangda
>>> >
>>> > On Mon, Jan 21, 2019 at 6:51 AM Brian Demers <brian.demers@gmail.com>
wrote:
>>> >>
>>> >> Can you share the link to your key?
>>> >>
>>> >> -Brian
>>> >>
>>> >> On Jan 20, 2019, at 11:21 PM, Wangda Tan <wheeleast@gmail.com>
wrote:
>>> >>
>>> >> Still couldn't figure out without locating the log on the Nexus machine.
With help from several committers and PMCs, we didn't see anything wrong with my signing key.
>>> >>
>>> >> I don't want to delay 3.1.2 more because of this. Is it allowed for
me to publish artifacts (like tarball, source package, etc.) only and somebody else to push
Maven bits to Nexus. I believe Apache bylaw should allow that because there're several releases
have more than one release managers. If it is not allowed, please take over the RM role if
you have the bandwidth, I think most works have been done except close the Nexus repo.
>>> >>
>>> >> Thanks,
>>> >> Wangda
>>> >>
>>> >> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan <wheeleast@gmail.com>
wrote:
>>> >>>
>>> >>> Spent several more hours trying to figure out the issue, still no
luck.
>>> >>>
>>> >>> I just filed https://issues.sonatype.org/browse/OSSRH-45646, really
appreciate if anybody could add some suggestions.
>>> >>>
>>> >>> Thanks,
>>> >>> Wangda
>>> >>>
>>> >>> On Tue, Jan 15, 2019 at 9:48 AM Wangda Tan <wheeleast@gmail.com>
wrote:
>>> >>>>
>>> >>>> It seems the problem still exists for me:
>>> >>>>
>>> >>>> Now the error message only contains:
>>> >>>>
>>> >>>> failureMessage  Failed to validate the pgp signature of '/org/apache/hadoop/hadoop-client-check-invariants/3.1.2/hadoop-client-check-invariants-3.1.2.pom',
check the logs.
>>> >>>> failureMessage  Failed to validate the pgp signature of '/org/apache/hadoop/hadoop-resourceestimator/3.1.2/hadoop-resourceestimator-3.1.2-javadoc.jar',
check the logs.
>>> >>>>
>>> >>>> If anybody has access the Nexus node, could you please help
to check what is the failure message?
>>> >>>>
>>> >>>> Thanks,
>>> >>>> Wangda
>>> >>>>
>>> >>>>
>>> >>>> On Tue, Jan 15, 2019 at 9:56 AM Brian Fox <brianf@infinity.nu>
wrote:
>>> >>>>>
>>> >>>>> Good to know. The pool has occasionally had sync issues,
but we're talking 3 times in the last 8-9 years.
>>> >>>>>
>>> >>>>> On Tue, Jan 15, 2019 at 10:39 AM Elek, Marton <elek@apache.org>
wrote:
>>> >>>>>>
>>> >>>>>> My key was pushed to the server with pgp about 1 year
ago, and it worked
>>> >>>>>> well with the last Ratis release. So it should be synced
between the key
>>> >>>>>> servers.
>>> >>>>>>
>>> >>>>>> But it seems that the INFRA solved the problem with
shuffling the key
>>> >>>>>> server order (or it was an intermittent issue): see
INFRA-17649
>>> >>>>>>
>>> >>>>>> Seems to be working now...
>>> >>>>>>
>>> >>>>>> Marton
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> On 1/15/19 5:19 AM, Wangda Tan wrote:
>>> >>>>>> > HI Brain,
>>> >>>>>> > Thanks for responding, could u share how to push
to keys to Apache pgp pool?
>>> >>>>>> >
>>> >>>>>> > Best,
>>> >>>>>> > Wangda
>>> >>>>>> >
>>> >>>>>> > On Mon, Jan 14, 2019 at 10:44 AM Brian Fox <brianf@infinity.nu>
wrote:
>>> >>>>>> >
>>> >>>>>> >> Did you push your key up to the pgp pool? That's
what Nexus is validating
>>> >>>>>> >> against. It might take time to propagate if
you just pushed it.
>>> >>>>>> >>
>>> >>>>>> >> On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton
<elek@apache.org> wrote:
>>> >>>>>> >>
>>> >>>>>> >>> Seems to be an INFRA issue for me:
>>> >>>>>> >>>
>>> >>>>>> >>> 1. I downloaded a sample jar file [1] +
the signature from the
>>> >>>>>> >>> repository and it was ok, locally I verified
it.
>>> >>>>>> >>>
>>> >>>>>> >>> 2. I tested it with an other Apache project
(Ratis) and my key. I got
>>> >>>>>> >>> the same problem even if it worked at last
year during the 0.3.0
>>> >>>>>> >>> release. (I used exactly the same command)
>>> >>>>>> >>>
>>> >>>>>> >>> I opened an infra ticket to check the logs
of the Nexus as it was
>>> >>>>>> >>> suggested in the error message:
>>> >>>>>> >>>
>>> >>>>>> >>> https://issues.apache.org/jira/browse/INFRA-17649
>>> >>>>>> >>>
>>> >>>>>> >>> Marton
>>> >>>>>> >>>
>>> >>>>>> >>>
>>> >>>>>> >>> [1]:
>>> >>>>>> >>>
>>> >>>>>> >>> https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar
>>> >>>>>> >>>
>>> >>>>>> >>>
>>> >>>>>> >>> On 1/13/19 6:27 AM, Wangda Tan wrote:
>>> >>>>>> >>>> Uploaded sample file and signature.
>>> >>>>>> >>>>
>>> >>>>>> >>>>
>>> >>>>>> >>>>
>>> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:18 PM Wangda
Tan <wheeleast@gmail.com
>>> >>>>>> >>>> <mailto:wheeleast@gmail.com>>
wrote:
>>> >>>>>> >>>>
>>> >>>>>> >>>>     Actually, among the hundreds of
failed messages, the "No public key"
>>> >>>>>> >>>>     issues still occurred several times:
>>> >>>>>> >>>>
>>> >>>>>> >>>>         failureMessage  No public key:
Key with id: (b3fa653d57300d45)
>>> >>>>>> >>>>         was not able to be located
on http://gpg-keyserver.de/. Upload
>>> >>>>>> >>>>         your public key and try the
operation again.
>>> >>>>>> >>>>         failureMessage  No public key:
Key with id: (b3fa653d57300d45)
>>> >>>>>> >>>>         was not able to be located
on
>>> >>>>>> >>>>         http://pool.sks-keyservers.net:11371.
Upload your public key
>>> >>>>>> >>> and
>>> >>>>>> >>>>         try the operation again.
>>> >>>>>> >>>>         failureMessage  No public key:
Key with id: (b3fa653d57300d45)
>>> >>>>>> >>>>         was not able to be located
on http://pgp.mit.edu:11371. Upload
>>> >>>>>> >>>>         your public key and try the
operation again.
>>> >>>>>> >>>>
>>> >>>>>> >>>>     Once the close operation returned,
I will upload sample files which
>>> >>>>>> >>>>     may help troubleshoot the issue.
>>> >>>>>> >>>>
>>> >>>>>> >>>>     Thanks,
>>> >>>>>> >>>>
>>> >>>>>> >>>>     On Sat, Jan 12, 2019 at 9:04 PM
Wangda Tan <wheeleast@gmail.com
>>> >>>>>> >>>>     <mailto:wheeleast@gmail.com>>
wrote:
>>> >>>>>> >>>>
>>> >>>>>> >>>>         Thanks David for the quick
response!
>>> >>>>>> >>>>
>>> >>>>>> >>>>         I just retried, now the "No
public key" issue is gone. However,
>>> >>>>>> >>>>         the issue:
>>> >>>>>> >>>>
>>> >>>>>> >>>>             failureMessage  Failed
to validate the pgp signature of
>>> >>>>>> >>>>
>>> >>>>>> >>>  '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-tests.jar',
>>> >>>>>> >>>>             check the logs.
>>> >>>>>> >>>>             failureMessage  Failed
to validate the pgp signature of
>>> >>>>>> >>>>
>>> >>>>>> >>>  '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-test-sources.jar',
>>> >>>>>> >>>>             check the logs.
>>> >>>>>> >>>>             failureMessage  Failed
to validate the pgp signature of
>>> >>>>>> >>>>
>>> >>>>>> >>>  '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2.pom',
>>> >>>>>> >>>>             check the logs.
>>> >>>>>> >>>>
>>> >>>>>> >>>>
>>> >>>>>> >>>>         Still exists and repeated hundreds
of times. Do you know how to
>>> >>>>>> >>>>         access the logs mentioned by
above log?
>>> >>>>>> >>>>
>>> >>>>>> >>>>         Best,
>>> >>>>>> >>>>         Wangda
>>> >>>>>> >>>>
>>> >>>>>> >>>>         On Sat, Jan 12, 2019 at 8:37
PM David Nalley <david@gnsa.us
>>> >>>>>> >>>>         <mailto:david@gnsa.us>>
wrote:
>>> >>>>>> >>>>
>>> >>>>>> >>>>             On Sat, Jan 12, 2019 at
9:09 PM Wangda Tan
>>> >>>>>> >>>>             <wheeleast@gmail.com
<mailto:wheeleast@gmail.com>> wrote:
>>> >>>>>> >>>>             >
>>> >>>>>> >>>>             > Hi Devs,
>>> >>>>>> >>>>             >
>>> >>>>>> >>>>             > I'm currently rolling
Hadoop 3.1.2 release candidate,
>>> >>>>>> >>>>             however, I saw an issue
when I try to close repo in Nexus.
>>> >>>>>> >>>>             >
>>> >>>>>> >>>>             > Logs of
>>> >>>>>> >>> https://repository.apache.org/#stagingRepositories
>>> >>>>>> >>>>             (orgapachehadoop-1183)
shows hundreds of lines of the
>>> >>>>>> >>>>             following error:
>>> >>>>>> >>>>             >
>>> >>>>>> >>>>             > failureMessage  No
public key: Key with id:
>>> >>>>>> >>>>             (b3fa653d57300d45) was
not able to be located on
>>> >>>>>> >>>>             http://gpg-keyserver.de/.
Upload your public key and try
>>> >>>>>> >>> the
>>> >>>>>> >>>>             operation again.
>>> >>>>>> >>>>             > failureMessage  No
public key: Key with id:
>>> >>>>>> >>>>             (b3fa653d57300d45) was
not able to be located on
>>> >>>>>> >>>>             http://pool.sks-keyservers.net:11371.
Upload your public
>>> >>>>>> >>> key
>>> >>>>>> >>>>             and try the operation again.
>>> >>>>>> >>>>             > failureMessage  No
public key: Key with id:
>>> >>>>>> >>>>             (b3fa653d57300d45) was
not able to be located on
>>> >>>>>> >>>>             http://pgp.mit.edu:11371.
Upload your public key and try
>>> >>>>>> >>> the
>>> >>>>>> >>>>             operation again.
>>> >>>>>> >>>>             > ...
>>> >>>>>> >>>>             > failureMessage  Failed
to validate the pgp signature of
>>> >>>>>> >>>>
>>> >>>>>> >>>  '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-tests.jar',
>>> >>>>>> >>>>             check the logs.
>>> >>>>>> >>>>             > failureMessage  Failed
to validate the pgp signature of
>>> >>>>>> >>>>
>>> >>>>>> >>>  '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-test-sources.jar',
>>> >>>>>> >>>>             check the logs.
>>> >>>>>> >>>>             > failureMessage  Failed
to validate the pgp signature of
>>> >>>>>> >>>>
>>> >>>>>> >>>  '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-sources.jar',
>>> >>>>>> >>>>             check the logs.
>>> >>>>>> >>>>             >
>>> >>>>>> >>>>             >
>>> >>>>>> >>>>             > This is the same key
I used before (and finished two
>>> >>>>>> >>>>             releases), the same environment
I used before.
>>> >>>>>> >>>>             >
>>> >>>>>> >>>>             > I have tried more
than 10 times in the last two days, no
>>> >>>>>> >>>>             luck. And closing the repo
takes almost one hour (Regular
>>> >>>>>> >>>>             time is less than 1 min)
and always fail at the last.
>>> >>>>>> >>>>             >
>>> >>>>>> >>>>             > I used following commands
to validate key exists on key
>>> >>>>>> >>>>             servers
>>> >>>>>> >>>>             >
>>> >>>>>> >>>>             > gpg --keyserver pgp.mit.edu
<http://pgp.mit.edu>
>>> >>>>>> >>>>             --recv-keys 57300D45
>>> >>>>>> >>>>             > gpg: WARNING: unsafe
permissions on homedir
>>> >>>>>> >>>>             '/Users/wtan/.gnupg'
>>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
1 signature not checked due to
>>> >>>>>> >>>>             a missing key
>>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
"Wangda tan <wangda@apache.org
>>> >>>>>> >>>>             <mailto:wangda@apache.org>>"
not changed
>>> >>>>>> >>>>             > gpg: Total number
processed: 1
>>> >>>>>> >>>>             > gpg:             
unchanged: 1
>>> >>>>>> >>>>             >
>>> >>>>>> >>>>             > gpg --keyserver pool.sks-keyservers.net
>>> >>>>>> >>>>             <http://pool.sks-keyservers.net>
--recv-keys
>>> >>>>>> >>> B3FA653D57300D45
>>> >>>>>> >>>>             > gpg: WARNING: unsafe
permissions on homedir
>>> >>>>>> >>>>             '/Users/wtan/.gnupg'
>>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
1 signature not checked due to
>>> >>>>>> >>>>             a missing key
>>> >>>>>> >>>>             > gpg: key B3FA653D57300D45:
"Wangda tan <wangda@apache.org
>>> >>>>>> >>>>             <mailto:wangda@apache.org>>"
not changed
>>> >>>>>> >>>>             > gpg: Total number
processed: 1
>>> >>>>>> >>>>             > gpg:             
unchanged: 1
>>> >>>>>> >>>>             >
>>> >>>>>> >>>>
>>> >>>>>> >>>>             Both of these report that
your key was not found.
>>> >>>>>> >>>>             I took the key from the
KEYS file and uploaded it to both of
>>> >>>>>> >>>>             those servers.
>>> >>>>>> >>>>
>>> >>>>>> >>>>             You might try the release
again and see if this resolves the
>>> >>>>>> >>>>             issue.
>>> >>>>>> >>>>
>>> >>>>>> >>>>
>>> >>>>>> >>>>
>>> >>>>>> >>>> ---------------------------------------------------------------------
>>> >>>>>> >>>> To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
>>> >>>>>> >>>> For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org
>>> >>>>>> >>>>
>>> >>>>>> >>>
>>> >>>>>> >>
>>> >>>>>> >

Mime
  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message