Drat, the announce email was wrong (likely glossed over it copying and pasting), but the md5sum provided to the repository is correct ( nifi-0.6.0-source-release.zip.md5). I did an md5 against the artifact as provided to SVN using the actually prepared md5 checksum.
# apiri in ~/Development/verify/release-0.6.0/dist/nifi/nifi-0.6.0 [7:55:56] $ cat nifi-0.6.0-source-release.zip.md5 1597a93574b928b7c78e3014d1eca416% # apiri in ~/Development/verify/release-0.6.0/dist/nifi/nifi-0.6.0 [7:55:59] $ md5sum nifi-0.6.0-source-release.zip 1597a93574b928b7c78e3014d1eca416 nifi-0.6.0-source-release.zip On Tue, Mar 22, 2016 at 7:37 AM, Matt Burgess <mattyb...@gmail.com> wrote: > I'm getting an MD5 checksum mismatch on the ZIP: > > < MD5(nifi-0.6.0-source-release.zip)= 1559157db000d53221aeabc5dd607cfc > --- > > MD5(nifi-0.6.0-source-release.zip)= 1597a93574b928b7c78e3014d1eca416 > > On Mon, Mar 21, 2016 at 11:08 PM, Andy LoPresto < > alopresto.apa...@gmail.com> > wrote: > > > Thanks to Aldrin and Matt Burgess, we were able to push a new signature > > for each artifact to the repository and verify it. Please resume release > > verification. > > > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 0s @ 20:01:08 $ rmf nifi-0.6.0-source-release.zip.asc > > nifi-0.6.0-source-release.zip.asc > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 0s @ 20:01:14 $ wget > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-source-release.zip.asc > > --2016-03-21 20:01:16-- > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-source-release.zip.asc > > Resolving dist.apache.org... 209.188.14.144 > > Connecting to dist.apache.org|209.188.14.144|:443... connected. > > HTTP request sent, awaiting response... 200 OK > > Length: 801 [text/plain] > > Saving to: 'nifi-0.6.0-source-release.zip.asc' > > > > nifi-0.6.0-source-release.zip.asc > > 100%[============================================================>] > > 801 --.-KB/s in 0s > > > > 2016-03-21 20:01:16 (34.7 MB/s) - 'nifi-0.6.0-source-release.zip.asc' > > saved [801/801] > > > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 0s @ 20:01:17 $ diff nifi-0.6.0-source-release.zip.asc aldrin-new.asc > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 0s @ 20:01:29 $ gpg --verify -v aldrin-new.asc > > nifi-0.6.0-source-release.zip > > gpg: Signature made Mon Mar 21 19:39:05 2016 PDT using RSA key ID > 4CFE5D00 > > gpg: using PGP trust model > > gpg: Good signature from "Aldrin Piri (Code Signing Key) < > > ald...@apache.org>" [full] > > gpg: binary signature, digest algorithm SHA512 > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 0s @ 20:01:38 $ gpg --verify -v nifi-0.6.0-source-release.zip.asc > > nifi-0.6.0-source-release.zip > > gpg: Signature made Mon Mar 21 19:39:05 2016 PDT using RSA key ID > 4CFE5D00 > > gpg: using PGP trust model > > gpg: Good signature from "Aldrin Piri (Code Signing Key) < > > ald...@apache.org>" [full] > > gpg: binary signature, digest algorithm SHA512 > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 0s @ 20:01:50 $ > > > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 0s @ 20:01:50 $ wget > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip.asc > > --2016-03-21 20:03:43-- > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip.asc > > Resolving dist.apache.org... 209.188.14.144 > > Connecting to dist.apache.org|209.188.14.144|:443... connected. > > HTTP request sent, awaiting response... 200 OK > > Length: 801 [text/plain] > > Saving to: 'nifi-0.6.0-bin.zip.asc' > > > > nifi-0.6.0-bin.zip.asc > > 100%[============================================================>] > > 801 --.-KB/s in 0s > > > > 2016-03-21 20:03:43 (27.3 MB/s) - 'nifi-0.6.0-bin.zip.asc' saved > [801/801] > > > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 0s @ 20:03:44 $ wget > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip > > --2016-03-21 20:03:47-- > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.zip > > Resolving dist.apache.org... 209.188.14.144 > > Connecting to dist.apache.org|209.188.14.144|:443... connected. > > HTTP request sent, awaiting response... 200 OK > > Length: 441687095 (421M) [application/octet-stream] > > Saving to: 'nifi-0.6.0-bin.zip' > > > > nifi-0.6.0-bin.zip > > 100%[============================================================>] > > 421.23M 10.7MB/s in 44s > > > > 2016-03-21 20:04:31 (9.59 MB/s) - 'nifi-0.6.0-bin.zip' saved > > [441687095/441687095] > > > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 44s @ 20:04:32 $ gpg --verify -v nifi-0.6.0-bin.zip.asc > > gpg: assuming signed data in 'nifi-0.6.0-bin.zip' > > gpg: Signature made Mon Mar 21 19:49:21 2016 PDT using RSA key ID > 4CFE5D00 > > gpg: using PGP trust model > > gpg: Good signature from "Aldrin Piri (Code Signing Key) < > > ald...@apache.org>" [full] > > gpg: binary signature, digest algorithm SHA512 > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 2s @ 20:05:04 $ > > > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 2s @ 20:05:04 $ wget > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz > > --2016-03-21 20:06:34-- > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz > > Resolving dist.apache.org... 209.188.14.144 > > Connecting to dist.apache.org|209.188.14.144|:443... connected. > > HTTP request sent, awaiting response... 200 OK > > Length: 441632655 (421M) [application/octet-stream] > > Saving to: 'nifi-0.6.0-bin.tar.gz' > > > > nifi-0.6.0-bin.tar.gz > > 100%[============================================================>] > > 421.17M 10.3MB/s in 40s > > > > 2016-03-21 20:07:15 (10.4 MB/s) - 'nifi-0.6.0-bin.tar.gz' saved > > [441632655/441632655] > > > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 41s @ 20:07:16 $ wget > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz.asc > > --2016-03-21 20:07:42-- > > > https://dist.apache.org/repos/dist/dev/nifi/nifi-0.6.0/nifi-0.6.0-bin.tar.gz.asc > > Resolving dist.apache.org... 209.188.14.144 > > Connecting to dist.apache.org|209.188.14.144|:443... connected. > > HTTP request sent, awaiting response... 200 OK > > Length: 801 [text/plain] > > Saving to: 'nifi-0.6.0-bin.tar.gz.asc' > > > > nifi-0.6.0-bin.tar.gz.asc > > 100%[============================================================>] > > 801 --.-KB/s in 0s > > > > 2016-03-21 20:07:42 (13.2 MB/s) - 'nifi-0.6.0-bin.tar.gz.asc' saved > > [801/801] > > > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 0s @ 20:07:43 $ gpg --verify -v nifi-0.6.0-bin.tar.gz.asc > > gpg: assuming signed data in 'nifi-0.6.0-bin.tar.gz' > > gpg: Signature made Mon Mar 21 19:49:29 2016 PDT using RSA key ID > 4CFE5D00 > > gpg: using PGP trust model > > gpg: Good signature from "Aldrin Piri (Code Signing Key) < > > ald...@apache.org>" [full] > > gpg: binary signature, digest algorithm SHA512 > > hw12203:/Users/alopresto/Workspace/scratch/release_verification/0.6.0 > > alopresto > > 🔓 3s @ 20:07:55 $ > > > > Andy LoPresto > > alopresto.apa...@gmail.com > > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > > > On Mar 21, 2016, at 7:28 PM, Aldrin Piri <aldrinp...@gmail.com> wrote: > > > > Hey Matt, > > > > Thanks for the heads up. Something is definitely awry. While verifying > > seemingly checks out in my environment: > > > > $ gpg --verify nifi-0.6.0-source-release.zip.asc > > > > gpg: assuming signed data in `nifi-0.6.0-source-release.zip' > > gpg: Signature made Mon Mar 21 14:38:50 2016 EDT using RSA key ID > 4CFE5D00 > > gpg: Good signature from "Aldrin Piri (Code Signing Key) < > > ald...@apache.org>" > > > > > > > > I receive similar errors on another system I did not perform/verify the > > release process on. For now, I ask that folks likely hold up until I can > > resolve the issue and determine if it was a matter of publishing or the > > entire build and another RC is needed. > > > > > > On Mon, Mar 21, 2016 at 9:44 PM, Matt Burgess <mattyb...@gmail.com> > wrote: > > > > I'm getting an error on Aldrin's signature during gpg --verify: > > > > gpg: BAD signature from "Aldrin Piri (Code Signing Key) < > ald...@apache.org > > > > " > > > > [unknown] > > > > Is anyone else seeing this? > > > > Thanks, > > Matt > > > > On Mon, Mar 21, 2016 at 4:37 PM, Aldrin Piri <aldrinp...@gmail.com> > wrote: > > > > Hello, > > > > I am pleased to be calling this vote for the source release of Apache > > > > NiFi > > > > nifi-0.6.0. > > > > The source zip, including signatures, digests, etc. can be found at: > > https://repository.apache.org/content/repositories/orgapachenifi-1077 > > > > The Git tag is NIFI-1634-RC1 > > The Git commit hash is 736896246cf021dbed31d4eb1e22e0755e4705f0 > > * > > > > > > > > > https://git-wip-us.apache.org/repos/asf?p=nifi.git;a=commit;h=736896246cf021dbed31d4eb1e22e0755e4705f0 > > > > * > > > > > > > > > https://github.com/apache/nifi/commit/736896246cf021dbed31d4eb1e22e0755e4705f0 > > > > > > Checksums of nifi-0.6.0-source-release.zip: > > MD5: 1559157db000d53221aeabc5dd607cfc > > SHA1: feed12016d7f2d450fb1e3a238634757cc17b0f1 > > > > Release artifacts are signed with the following key: > > *https://people.apache.org/keys/committer/aldrin.asc > > <https://people.apache.org/keys/committer/aldrin.asc>* > > > > KEYS file available here: > > https://dist.apache.org/repos/dist/release/nifi/KEYS > > > > 71 issues were closed/resolved for this release: > > * > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334372&styleName=Html&projectId=12316020 > > > > < > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334372&styleName=Html&projectId=12316020 > > > > * > > > > > > Release note highlights can be found here: > > * > > > > > > > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.6.0 > > > > < > > > > > > > https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version0.6.0 > > > > * > > > > > > The vote will be open for 72 hours. > > Please download the release candidate and evaluate the necessary items > > including checking hashes, signatures, build from source, and test. Then > > please vote: > > > > [ ] +1 Release this package as nifi-0.6.0 > > [ ] +0 no opinion > > [ ] -1 Do not release this package because... > > > > Thanks! > > > > > > > > >
