I'm getting an MD5 checksum mismatch on the ZIP: < MD5(nifi-0.6.0-source-release.zip)= 1559157db000d53221aeabc5dd607cfc --- > MD5(nifi-0.6.0-source-release.zip)= 1597a93574b928b7c78e3014d1eca416
On Mon, Mar 21, 2016 at 11:08 PM, Andy LoPresto <[email protected]> wrote: > Thanks to Aldrin and Matt Burgess, we were able to push a new signature > for each artifact to the repository and verify it. Please resume release > verification. > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 0s @ 20:01:08 $ rmf nifi-0.6.0-source-release.zip.asc > nifi-0.6.0-source-release.zip.asc > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 0s @ 20:01:14 $ wget > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-source-release.zip.asc > --2016-03-21 20:01:16-- > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-source-release.zip.asc > Resolving dist.apache.org... 209.188.14.144 > Connecting to dist.apache.org|209.188.14.144|:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 801 [text/plain] > Saving to: 'nifi-0.6.0-source-release.zip.asc' > > nifi-0.6.0-source-release.zip.asc > 100%[============================================================>] > 801 --.-KB/s in 0s > > 2016-03-21 20:01:16 (34.7 MB/s) - 'nifi-0.6.0-source-release.zip.asc' > saved [801/801] > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 0s @ 20:01:17 $ diff nifi-0.6.0-source-release.zip.asc aldrin-new.asc > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 0s @ 20:01:29 $ gpg --verify -v aldrin-new.asc > nifi-0.6.0-source-release.zip > gpg: Signature made Mon Mar 21 19:39:05 2016 PDT using RSA key ID 4CFE5D00 > gpg: using PGP trust model > gpg: Good signature from "Aldrin Piri (Code Signing Key) < > [email protected]>" [full] > gpg: binary signature, digest algorithm SHA512 > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 0s @ 20:01:38 $ gpg --verify -v nifi-0.6.0-source-release.zip.asc > nifi-0.6.0-source-release.zip > gpg: Signature made Mon Mar 21 19:39:05 2016 PDT using RSA key ID 4CFE5D00 > gpg: using PGP trust model > gpg: Good signature from "Aldrin Piri (Code Signing Key) < > [email protected]>" [full] > gpg: binary signature, digest algorithm SHA512 > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 0s @ 20:01:50 $ > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 0s @ 20:01:50 $ wget > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip.asc > --2016-03-21 20:03:43-- > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip.asc > Resolving dist.apache.org... 209.188.14.144 > Connecting to dist.apache.org|209.188.14.144|:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 801 [text/plain] > Saving to: 'nifi-0.6.0-bin.zip.asc' > > nifi-0.6.0-bin.zip.asc > 100%[============================================================>] > 801 --.-KB/s in 0s > > 2016-03-21 20:03:43 (27.3 MB/s) - 'nifi-0.6.0-bin.zip.asc' saved [801/801] > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 0s @ 20:03:44 $ wget > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip > --2016-03-21 20:03:47-- > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip > Resolving dist.apache.org... 209.188.14.144 > Connecting to dist.apache.org|209.188.14.144|:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 441687095 (421M) [application/octet-stream] > Saving to: 'nifi-0.6.0-bin.zip' > > nifi-0.6.0-bin.zip > 100%[============================================================>] > 421.23M 10.7MB/s in 44s > > 2016-03-21 20:04:31 (9.59 MB/s) - 'nifi-0.6.0-bin.zip' saved > [441687095/441687095] > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 44s @ 20:04:32 $ gpg --verify -v nifi-0.6.0-bin.zip.asc > gpg: assuming signed data in 'nifi-0.6.0-bin.zip' > gpg: Signature made Mon Mar 21 19:49:21 2016 PDT using RSA key ID 4CFE5D00 > gpg: using PGP trust model > gpg: Good signature from "Aldrin Piri (Code Signing Key) < > [email protected]>" [full] > gpg: binary signature, digest algorithm SHA512 > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 2s @ 20:05:04 $ > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 2s @ 20:05:04 $ wget > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz > --2016-03-21 20:06:34-- > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz > Resolving dist.apache.org... 209.188.14.144 > Connecting to dist.apache.org|209.188.14.144|:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 441632655 (421M) [application/octet-stream] > Saving to: 'nifi-0.6.0-bin.tar.gz' > > nifi-0.6.0-bin.tar.gz > 100%[============================================================>] > 421.17M 10.3MB/s in 40s > > 2016-03-21 20:07:15 (10.4 MB/s) - 'nifi-0.6.0-bin.tar.gz' saved > [441632655/441632655] > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 41s @ 20:07:16 $ wget > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz.asc > --2016-03-21 20:07:42-- > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz.asc > Resolving dist.apache.org... 209.188.14.144 > Connecting to dist.apache.org|209.188.14.144|:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 801 [text/plain] > Saving to: 'nifi-0.6.0-bin.tar.gz.asc' > > nifi-0.6.0-bin.tar.gz.asc > 100%[============================================================>] > 801 --.-KB/s in 0s > > 2016-03-21 20:07:42 (13.2 MB/s) - 'nifi-0.6.0-bin.tar.gz.asc' saved > [801/801] > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 0s @ 20:07:43 $ gpg --verify -v nifi-0.6.0-bin.tar.gz.asc > gpg: assuming signed data in 'nifi-0.6.0-bin.tar.gz' > gpg: Signature made Mon Mar 21 19:49:29 2016 PDT using RSA key ID 4CFE5D00 > gpg: using PGP trust model > gpg: Good signature from "Aldrin Piri (Code Signing Key) < > [email protected]>" [full] > gpg: binary signature, digest algorithm SHA512 > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > alopresto > 🔓 3s @ 20:07:55 $ > > Andy LoPresto > [email protected] > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > On Mar 21, 2016, at 7:28 PM, Aldrin Piri <[email protected]> wrote: > > Hey Matt, > > Thanks for the heads up. Something is definitely awry. While verifying > seemingly checks out in my environment: > > $ gpg --verify nifi-0.6.0-source-release.zip.asc > > gpg: assuming signed data in `nifi-0.6.0-source-release.zip' > gpg: Signature made Mon Mar 21 14:38:50 2016 EDT using RSA key ID 4CFE5D00 > gpg: Good signature from "Aldrin Piri (Code Signing Key) < > [email protected]>" > > > > I receive similar errors on another system I did not perform/verify the > release process on. For now, I ask that folks likely hold up until I can > resolve the issue and determine if it was a matter of publishing or the > entire build and another RC is needed. > > > On Mon, Mar 21, 2016 at 9:44 PM, Matt Burgess <[email protected]> wrote: > > I'm getting an error on Aldrin's signature during gpg --verify: > > gpg: BAD signature from "Aldrin Piri (Code Signing Key) <[email protected] > > " > > [unknown] > > Is anyone else seeing this? > > Thanks, > Matt > > On Mon, Mar 21, 2016 at 4:37 PM, Aldrin Piri <[email protected]> wrote: > > Hello, > > I am pleased to be calling this vote for the source release of Apache > > NiFi > > nifi-0.6.0. > > The source zip, including signatures, digests, etc. can be found at: > https://repository.apache.org/content/repositories/orgapachenifi-1077 > > The Git tag is NIFI-1634-RC1 > The Git commit hash is 736896246cf021dbed31d4eb1e22e0755e4705f0 > * > > > > https://git-wip-us.apache.org/repos/asf?p=nifi.git;a=commit;h=736896246cf021dbed31d4eb1e22e0755e4705f0 > > * > > > > https://github.com/apache/nifi/commit/736896246cf021dbed31d4eb1e22e0755e4705f0 > > > Checksums of nifi-0.6.0-source-release.zip: > MD5: 1559157db000d53221aeabc5dd607cfc > SHA1: feed12016d7f2d450fb1e3a238634757cc17b0f1 > > Release artifacts are signed with the following key: > *https://people.apache.org/keys/committer/aldrin.asc > <https://people.apache.org/keys/committer/aldrin.asc>* > > KEYS file available here: > https://dist.apache.org/repos/dist/release/nifi/KEYS > > 71 issues were closed/resolved for this release: > * > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334372&styleName=Html&projectId=12316020 > > < > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334372&styleName=Html&projectId=12316020 > > * > > > Release note highlights can be found here: > * > > > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.6.0 > > < > > > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.6.0 > > * > > > The vote will be open for 72 hours. > Please download the release candidate and evaluate the necessary items > including checking hashes, signatures, build from source, and test. Then > please vote: > > [ ] +1 Release this package as nifi-0.6.0 > [ ] +0 no opinion > [ ] -1 Do not release this package because... > > Thanks! > > > >
