Sid, I see that the certificate in https://maven.restlet.com expired 19 days back. I guess this issue wouldn't be impact folks who have .m2 cache populated with org.restlet artifacts earlier (than the certificate expiry). Until this certificate is renewed, you can use the flags to build Atlas.
Thanks, Madhan On 12/1/22, 12:53 PM, "Sidharth Mishra" <[email protected]> wrote: Thanks Madhan and Sarath. I tried the below and the signature verification worked with warning as shown below: curl -O https://dist.apache.org/repos/dist/dev/atlas/KEYS gpg --import KEYS gpg --list madhan # Checked it has FED467D3B01179D4 gpg --verify apache-atlas-2.3.0-sources.tar.gz.asc apache-atlas-2.3.0-sources.tar.gz gpg: Signature made Mon Nov 28 13:14:22 2022 PST gpg: using RSA key FED467D3B01179D4 gpg: Good signature from "Madhan Neethiraj <[email protected]>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 0524 DD1F 7940 6654 6D61 0744 FED4 67D3 B011 79D4 Still I am getting below error when I run maven clean install. Adding the -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true is ignoring this issue. Do you have any ideas on this? [ERROR] Failed to execute goal on project atlas-testtools: Could not resolve dependencies for project org.apache.atlas:atlas-testtools:jar:2.3.0: Failed to collect dependencies at org.apache.solr:solr-test-framework:jar:8.6.3 -> org.restlet.jee:org.restlet:jar:2.4.3: Failed to read artifact descriptor for org.restlet.jee:org.restlet:jar:2.4.3: Could not transfer artifact org.restlet.jee:org.restlet:pom:2.4.3 from/to maven-restlet (https://maven.restlet.com): transfer failed for https://maven.restlet.com/org/restlet/jee/org.restlet/2.4.3/org.restlet-2.4.3.pom: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed: NotAfter: Sun Nov 13 09:05:56 PST 2022 -> [Help 1] Thanks, Sid On Thu, Dec 1, 2022 at 10:04 AM Sarath Subramanian <[email protected]> wrote: > > Sid, > > I followed the below steps to verify signature. I'm running on Mac OS > Monterey. > > wget https://dist.apache.org/repos/dist/dev/atlas/KEYS > > gpg --import KEYS > > gpg --verify apache-atlas-2.3.0-sources.tar.gz.asc > > apache-atlas-2.3.0-sources.tar.gz > > > > Thanks, > Sarath > > On Wed, Nov 30, 2022 at 11:50 PM Sidharth Mishra <[email protected]> > wrote: > > > Thank you Madhan for the release candidate. > > > > Validated the following and faced some issues as mentioned below: > > > > - Able to download source, signature, md5 and sha512 files and verify > > the checksum hash > > - I am not able to verify the signature of the source. Steps I followed: > > curl -O https://downloads.apache.org/atlas/KEYS > > gpg --import KEYS > > gpg --list-sigs madhan # Gives the correct output > > pub rsa4096 2020-06-10 [SC] [expires: 2024-06-09] > > 1B6007E9CDEC4913DFB5031B630E02BA8823016D > > uid [ unknown] Madhan Neethiraj < > > [email protected]> > > sig 3 630E02BA8823016D 2020-06-10 > > Madhan Neethiraj <[email protected]> > > sub rsa4096 2020-06-10 [E] [expires: 2024-06-09] > > sig 630E02BA8823016D 2020-06-10 Madhan > > Neethiraj <[email protected]> > > > > pub rsa2048 2014-11-10 [SC] [expired: 2018-11-10] > > 4BDEE6708B5F5216CF0BA42754EA1B4FFA03B08A > > uid [ expired] Madhan Neethiraj < > > [email protected]> > > sig 3 54EA1B4FFA03B08A 2014-11-10 Madhan > > Neethiraj <[email protected]> > > sig 9C0596B11E19B762 2014-11-10 [User ID not > > found] > > sig 2C1CD6311ED05C4A 2016-02-16 [User ID not > > found] > > sig 3 X EB4200BBD4393DE8 2016-04-30 [User ID not > > found] > > > > gpg --verify apache-atlas-2.3.0-sources.tar.gz.asc > > apache-atlas-2.3.0-sources.tar.gz > > gpg: Signature made Mon Nov 28 13:14:22 2022 PST > > gpg: using RSA key FED467D3B01179D4 > > gpg: Can't check signature: No public key > > > > # Even tried this and no help as it didn't download any keys > > gpg --keyserver > > https://dist.apache.org/repos/dist/release/atlas/KEYS --recv-keys > > FED467D3B01179D4 > > > > - Build failed for the source using embedded-hbase-solr profile - > > > > [ERROR] Failed to execute goal on project atlas-testtools: Could not > > resolve dependencies for project > > org.apache.atlas:atlas-testtools:jar:2.3.0: Failed to collect > > dependencies at org.apache.solr:solr-test-framework:jar:8.6.3 -> > > org.restlet.jee:org.restlet:jar:2.4.3: Failed to read artifact > > descriptor for org.restlet.jee:org.restlet:jar:2.4.3: Could not > > transfer artifact org.restlet.jee:org.restlet:pom:2.4.3 from/to > > maven-restlet (https://maven.restlet.com): transfer failed for > > > > https://maven.restlet.com/org/restlet/jee/org.restlet/2.4.3/org.restlet-2.4.3.pom > > : > > sun.security.validator.ValidatorException: PKIX path validation > > failed: java.security.cert.CertPathValidatorException: validity check > > failed: NotAfter: Sun Nov 13 09:05:56 PST 2022 -> [Help 1] > > [ERROR] > > [ERROR] To see the full stack trace of the errors, re-run Maven with > > the -e switch. > > [ERROR] Re-run Maven using the -X switch to enable full debug logging. > > [ERROR] > > [ERROR] For more information about the errors and possible > > solutions, please read the following articles: > > [ERROR] [Help 1] > > > > http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException > > [ERROR] > > [ERROR] After correcting the problems, you can resume the build with > > the command > > [ERROR] mvn <args> -rf :atlas-testtools > > > > By running the below command the above issue was resolved as it > > ignored all ssl verifications (Similar issue - > > > > https://stackoverflow.com/questions/68199459/maven-build-failed-pkix-path-validation-failed-java-security-cert-certpathval > > ): > > ln -s /usr/local/bin/python3 /usr/local/bin/python # As by > > default python3 gets installed when we upgrade to mac ventura and no > > python symlink > > mvn clean install > > -Dmaven.wagon.http.ssl.ignore.validity.dates=true > > -Dmaven.wagon.http.ssl.insecure=true > > -Dmaven.wagon.http.ssl.allowall=true > > mvn clean package -Pdist > > -Dmaven.wagon.http.ssl.ignore.validity.dates=true > > -Dmaven.wagon.http.ssl.insecure=true > > -Dmaven.wagon.http.ssl.allowall=true > > > > - started Atlas and ran quickstart script to preload sample types and > > entities > > - validated relation search, basic and advanced search > > > > P.S. Recently I upgraded my mac to ventura and I'm not sure if these > > issues are due to the upgrade. If someone else has a similar mac > > version and it works for them then we are good to proceed. > > Please check once if the signature is correct or else I will debug > > further at my end. > > > > Thanks, > > Sid > > > > > > > > On Tue, Nov 29, 2022 at 10:17 PM Sarath Subramanian <[email protected]> > > wrote: > > > > > > Thank you Madhan for the release candidate. > > > > > > +1 for Apache Atlas 2.3.0 release candidate #1 > > > > > > validated the following: > > > - Able to download source, signature, md5 and sha512 files and verified > > > checksum hash > > > - validated signature of source from release manager (Madhan Neethiraj < > > > [email protected]>) > > > - Build the source successfully using embedded-hbase-solr profile > > > - started Atlas and ran quickstart script to preload sample types and > > > entities > > > - validated relation search, basic and advanced search > > > > > > Thanks, > > > Sarath > > > > > > > > > > > > > > > > > > On Mon, Nov 28, 2022 at 1:50 PM Madhan Neethiraj <[email protected]> > > wrote: > > > > > > > Atlas team, > > > > > > > > > > > > > > > > Apache Atlas 2.3.0 release candidate #1 is now available for a vote > > within > > > > dev community. Links to the release artifacts are given below. Please > > > > review and vote. > > > > > > > > > > > > > > > > The vote will be open for at least 72 hours or until necessary votes > > are > > > > reached. > > > > > > > > [ ] +1 approve > > > > > > > > [ ] +0 no opinion > > > > > > > > [ ] -1 disapprove (and reason why) > > > > > > > > > > > > > > > > Thanks, > > > > > > > > Madhan > > > > > > > > > > > > > > > > > > > > > > > > List of issues addressed in this release: > > > > > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20Atlas%20AND%20fixVersion%20%3D%202.3.0%20ORDER%20BY%20key%20DESC > > > > > > > > > > > > > > > > Git tag for the release: > > > > https://github.com/apache/atlas/tree/release-2.3.0-rc1 > > > > > > > > Sources for the release: > > > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz > > > > > > > > > > > > > > > > Source release verification: > > > > > > > > PGP Signature: > > > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.asc > > > > > > > > MD5 Hash: > > > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.md5 > > > > > > > > SHA512 Hash: > > > > > > https://dist.apache.org/repos/dist/dev/atlas/2.3.0-rc1/apache-atlas-2.3.0-sources.tar.gz.sha512 > > > > > > > > > > > > > > > > Keys to verify the signature of the release artifacts are available at: > > > > https://dist.apache.org/repos/dist/dev/atlas/KEYS > > > > > > > > > >
