Thanks for your review, Phil! I am inclined to say that these do not have to block the release. I will however dig into the CM integration descriptors and determine just how CM specific this is. If it doesn't break any default behavior, then I think we can accept it for now but am open to anyone else's opinion there as well.
On Thu, Apr 16, 2020 at 11:33 AM Phil Zampino <pzamp...@apache.org> wrote: > Thank you for preparing this release candidate. > > I've verified the signatures and built/installed from source. > I've exercised the homepage, Admin UI and ClouderaManager discovery. > > I did notice that the homepage has the following for the Knox Version: > 1.4.0 (hash=1.4.0) ? > > Not necessarily release blockers, but questions for future releases: > > - Can the sandbox topology be migrated to a descriptor? > - Are there other topologies which can be migrated to descriptors? > - Should Knox be monitoring the ClouderaManager integration descriptors > by default? > e.g., knox.gateway > (ClouderaManagerDescriptorMonitor.java:setupMonitor(66)) - Monitoring > Cloudera Manager descriptors in ... > > > > On Thu, Apr 16, 2020 at 10:47 AM Sandor Molnar > <smol...@cloudera.com.invalid> > wrote: > > > Hi folks, > > > > Here is my +1 for RC1 of Knox 1.4. > > I verified the updated signatures and ran some basic tests (including > some > > of the new features) using the downloaded product. > > > > Cheers, > > Sandor > > > > On Thu, Apr 16, 2020 at 4:29 PM larry mccay <lmc...@apache.org> wrote: > > > > > Sorry about that folks - I've corrected the signatures now. > > > Please feel free to check now. > > > > > > --larry > > > > > > On Thu, Apr 16, 2020 at 7:09 AM Sandeep Moré <moresand...@gmail.com> > > > wrote: > > > > > > > I am getting the same error as well, looks like the key used to sign > > the > > > > release has changed. > > > > It also appears that we do not have the tar.gz file for > knox-1.4.0-src > > > > (i.e. knox-1.4.0-src.tar.gz) > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > *gpg --list-keys | grep -B 2 Larrypub rsa4096 2013-10-08 [SC] > > > > CB951DC938391FE207682BB582F9C371587C089Buid [ unknown] > Larry > > > > McCay (CODE SIGNING KEY) <lmc...@apache.org <lmc...@apache.org > >>--pub > > > > rsa4096 2014-06-16 [SCEA] [revoked: 2016-08-16] > > > > E633929ED2B59AE4D37C9B4A9F6D85AC587C089Buid [ revoked] > Larry > > > > McCay (CODE SIGNING KEY) <lmc...@apache.org <lmc...@apache.org>>* > > > > > > > > > > > > On Thu, Apr 16, 2020 at 6:49 AM Sandor Molnar > > > <smol...@cloudera.com.invalid > > > > > > > > > wrote: > > > > > > > > > Thank you, Larry, for preparing the new release! > > > > > > > > > > I tried to verify the signature of knox-1.4.0.zip using GPG but > > > > > verification failed for me with the following error: > > > > > > > > > > $ gpg --import KEYS > > > > > gpg: directory 'XXX' created > > > > > gpg: keybox 'XXX/pubring.kbx' created > > > > > gpg: key 82F9C371587C089B: 1 signature not checked due to a missing > > key > > > > > gpg: XXX/trustdb.gpg: trustdb created > > > > > gpg: key 82F9C371587C089B: public key "Larry McCay (CODE SIGNING > > KEY) < > > > > > lmc...@apache.org>" imported > > > > > gpg: key 57846920EACB2DAE: 2 signatures not checked due to missing > > keys > > > > > gpg: key 57846920EACB2DAE: public key "Kevin Minder (Code signing) > < > > > > > kmin...@apache.org>" imported > > > > > gpg: key 2B5842B902C74EAE: public key "Sumit Gupta < > su...@apache.org > > >" > > > > > imported > > > > > gpg: key 12D51C2DE72B5D09: public key "Kevin Risden (CODE SIGNING > > KEY) > > > < > > > > > kris...@apache.org>" imported > > > > > gpg: Total number processed: 4 > > > > > gpg: imported: 4 > > > > > gpg: no ultimately trusted keys found > > > > > > > > > > $ gpg --verify knox-1.4.0.zip.asc > > > > > gpg: assuming signed data in 'knox-1.4.0.zip' > > > > > gpg: Signature made Wed Apr 15 02:36:28 2020 CEST > > > > > gpg: using RSA key > > > > 7AEC60D6E92792CCE08CDEDE3704A2F46A6B52DF > > > > > gpg: Can't check signature: No public key > > > > > > > > > > Could you please let me know if I'm doing something wrong or the > KEYS > > > > file > > > > > is incorrect? > > > > > > > > > > Thanks, > > > > > Sandor > > > > > > > > > > P.S.: the rest seems to be OK. I deployed/started Knox, reached the > > new > > > > > Home PAge, logged into Admin UI, tested some of the new features. > > > > > > > > > > On Wed, Apr 15, 2020 at 3:01 AM larry mccay <lmc...@apache.org> > > wrote: > > > > > > > > > > > All - > > > > > > > > > > > > A candidate for the Apache Knox 1.4.0 release is available at: > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/knox/knox-1.4.0/ > > > > > > > > > > > > The release candidate is a zip archive of the sources in: > > > > > > > > > > > > https://https://gitbox.apache.org/repos/asf/knox.git > > > > > > Branch v1.4.0 (git checkout -b v1.4.0) > > > > > > > > > > > > The KEYS file for signature validation is available at: > > > > > > https://dist.apache.org/repos/dist/release/knox/KEYS > > > > > > > > > > > > To assist in testing the knoxshell features you can find the new > > > > > KnoxShell > > > > > > User Guide at > > > > > > > http://knox.apache.org/books/knox-1-4-0/knoxshell_user_guide.html > > > > > > > > > > > > Gateway User Guide: > > > > > > http://knox.apache.org/books/knox-1-4-0/user-guide.html > > > > > > > > > > > > Dev Guide: > http://knox.apache.org/books/knox-1-4-0/dev-guide.html > > > > > > > > > > > > Please vote on releasing this package as Apache Knox 1.4.0. > > > > > > The vote is open for the next 72 hours and passes if a majority > of > > at > > > > > > least three +1 Apache Knox PMC votes are cast. > > > > > > > > > > > > [ ] +1 Release this package as Apache Knox 1.4.0 > > > > > > [ ] -1 Do not release this package because... > > > > > > > > > > > > thanks, > > > > > > > > > > > > --larry > > > > > > > > > > > > > > > > > > > > >