Yes, that's it. The sigs on the hashes are maven extras that don't get pushed to the distribution site. All you have to check is the hashes.
On Thu, Jan 22, 2015 at 8:38 AM, Matt Gilman <[email protected]> wrote: > Jenn, > > I do not believe that there is any signature verification for the hashes. > There are hash files for the signature and for the source artifact which > should be checked. I will typically open a command line and view the > contents of the hash file and then run the corresponding command to > generate the hash of the artifact in question. Here's how I verified the > hashes for the nifi nar maven plugin: > > $ more nifi-nar-maven-plugin-1.0.0-incubating-source-release.zip.md5 > b82217d4816abc26be330f6f697f038f > $ md5 nifi-nar-maven-plugin-1.0.0-incubating-source-release.zip > MD5 (nifi-nar-maven-plugin-1.0.0-incubating-source-release.zip) = > b82217d4816abc26be330f6f697f038f > $ more nifi-nar-maven-plugin-1.0.0-incubating-source-release.zip.sha1 > b0bd2da85d4b78a337048fe69d544a9b944f38cd > $ openssl sha1 nifi-nar-maven-plugin-1.0.0-incubating-source-release.zip > SHA1(nifi-nar-maven-plugin-1.0.0-incubating-source-release.zip)= > b0bd2da85d4b78a337048fe69d544a9b944f38cd > > You can do the same set of commands for the signature file as well. Also, > the vote is open for 96 hours so your certainly not holding anybody up. > > Matt > > On Thu, Jan 22, 2015 at 7:34 AM, Jennifer Barnabee < > [email protected]> wrote: > >> Joe et al - >> I don't want to hold up the vote. I'm fuzzy on the signature validation. I >> *believe* I properly validated the signatures for the source artifacts but >> have not figured out how to do so for the hashes. Other than that, I can >> confirm the following: >> >> -LICENSE and NOTICE present >> -README looks good for both artifacts >> -Checksums look good >> -mvn install -Pcheck-licenses went fine >> -Both artifacts built successfully >> -The app runs fine >> >> If I should vote +0 so as not to hold things up, I can do that. Or if >> someone has half a day to help me (joking), that would be great. I'm not >> working and have all the time in the world; whereas I know that's not the >> case for everyone else... >> >> Cheers, >> Jenn >> >> On Wed, Jan 21, 2015 at 8:50 PM, Joe Witt <[email protected]> wrote: >> >> > Thanks for the great feedback! Will address all items noted as tracked >> > here: https://issues.apache.org/jira/browse/NIFI-291 >> > >> > Look forward to more feedback from others. If folks aren't sure how to >> > help validate please do ask questions on dev. >> > >> > Thanks >> > Joe >> > >> > >> > >> > On Wed, Jan 21, 2015 at 8:40 PM, Josh Elser <[email protected]> wrote: >> > >> > > +1 (non-binding) >> > > >> > > * Sigs and xsums look good for source-release >> > > * KEYS is populated >> > > * 'incubating' in file names >> > > * NOTICE, LICENSE and DISCLAIMER look to be in order >> > > - (should the README have the license header text?) >> > > * RAT passed (verified configured exclusions are covered in >> > LICENSE/NOTICE) >> > > - FWIW, it looks like there's an exclusion on nifi (nbactions.xml) >> that >> > > doesn't exist in the release. Not sure if that's intended. >> > > * Successfully built both projects from source and ran tests >> > > >> > > Great work! >> > > >> > > >> > > Joe Witt wrote: >> > > >> > >> Hello >> > >> >> > >> We are pleased to be calling this vote for the source release of >> Apache >> > >> NiFi 0.0.1-incubating. >> > >> >> > >> Since this is our first release as part of the Apache Incubator it >> will >> > be >> > >> slightly unique because we need to release two components. >> > >> >> > >> The first component is the 'nifi-nar-maven-plugin' which allows us to >> > >> build >> > >> 'NiFi Archives' which is part of our classloader isolation model. The >> > >> second is simply 'nifi' which is the full build and application that >> is >> > >> 'Apache NiFi (incubating)'. >> > >> >> > >> After this first release we expect to be releasing the >> > >> 'nifi-nar-maven-plugin' very rarely. >> > >> >> > >> So we'll break the information sections of this vote into two parts >> > where >> > >> one is for 'nifi-nar-maven-plugin' and the other 'nifi'. >> > >> >> > >> For the 'nifi-nar-maven-plugin' >> > >> -------------------------- >> > >> The source zip, including signatures, digests, etc. can be found at: >> > >> https://repository.apache.org/content/repositories/orgapachenifi-1015 >> > >> >> > >> The specific repository path in that staging repo is: >> > >> orgapachenifi-1015/content/org/apache/nifi/nifi-nar- >> > >> maven-plugin/1.0.0-incubating/ >> > >> >> > >> The sources.zip is called >> > >> 'nifi-nar-maven-plugin-1.0.0-incubating-source-release.zip' >> > >> >> > >> The Git tag is nifi-nar-maven-plugin-1.0.0-incubating-RC2 >> > >> >> > >> The Git commit ID is ad8a505ed3f885d454b0f9ea29f6908071135e17 >> > >> >> > >> >> > https://git-wip-us.apache.org/repos/asf?p=incubator-nifi.git;a=commit;h= >> > >> ad8a505ed3f885d454b0f9ea29f6908071135e17 >> > >> >> > >> Checksums of nar-maven-plugin-1.0.0-incubating-source-release.zip: >> > >> MD5: b82217d4816abc26be330f6f697f038f >> > >> SHA1: b0bd2da85d4b78a337048fe69d544a9b944f38cd >> > >> >> > >> 7 issues were closed/resolved for this release: >> > >> https://issues.apache.org/jira/secure/ReleaseNote.jspa? >> > >> projectId=12316020&version=12329307 >> > >> >> > >> ++++ >> > >> Note once you have completed the verification of the >> > >> 'nifi-nar-maven-plugin' you will have >> > >> 'nifi-nar-maven-plugin:1.0.0-incubating' in your local repo and thus >> you >> > >> can move on to the 'nifi' build below which depends on it. >> > >> ++++ >> > >> >> > >> For 'nifi' >> > >> ------------- >> > >> The source zip, including signatures, digests, etc. can be found at: >> > >> https://repository.apache.org/content/repositories/orgapachenifi-1016 >> > >> >> > >> The specific repository path in that staging repo is: >> > >> orgapachenifi-1016/org/apache/nifi/nifi/0.0.1-incubating/ >> > >> >> > >> The sources.zip is called 'nifi-0.0.1-incubating-source-release.zip' >> > >> >> > >> The Git tag is 'nifi-0.0.1-incubating-RC2' >> > >> >> > >> The Git commit ID is 8086322f10027f97855ec8f0d4440d0893f45cd1 >> > >> >> > >> >> > https://git-wip-us.apache.org/repos/asf?p=incubator-nifi.git;a=commit;h= >> > >> 8086322f10027f97855ec8f0d4440d0893f45cd1 >> > >> >> > >> Checksums of nifi-0.0.1-incubating-source-release.zip: >> > >> MD5: 43fee5afa809f882d9761cae6a4cd940 >> > >> SHA1: 810678e729d00ec0c8944c70af097df5b7a56e6e >> > >> >> > >> 113 issues were closed/resolved for this release: >> > >> https://issues.apache.org/jira/secure/ReleaseNote.jspa? >> > >> projectId=12316020&version=12329078 >> > >> >> > >> The following information applies to both the 'nifi-nar-maven-plugin' >> > and >> > >> 'nifi': >> > >> >> > >> >> > >> Release artifacts are signed with the following key: >> > >> https://people.apache.org/keys/committer/joewitt.asc >> > >> >> > >> KEYS file available here: >> > >> https://dist.apache.org/repos/dist/release/incubator/nifi/KEYS >> > >> >> > >> The vote will be open for 96 hours. >> > >> Please download the release candidate and evaluate the necessary items >> > >> including checking hashes, signatures, build from source, and test. >> The >> > >> please vote: >> > >> >> > >> [ ] +1 Release this package as Apache NiFi 0.0.1-incubating >> > >> [ ] +0 no opinion >> > >> [ ] -1 Do not release this package because because... >> > >> >> > >> >> > >>
