[jira] [Updated] (SLING-8029) Improve check_staged_release.sh to automatically receive the relevant gpg key

Georg Henzler (JIRA) Tue, 16 Oct 2018 13:16:16 -0700


     [ 
https://issues.apache.org/jira/browse/SLING-8029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Georg Henzler updated SLING-8029:
---------------------------------
    Description: 
When trying to validate the recent release for "Apache Sling Form Based 
Authentication Handler 1.0.12, Apache Sling Starter Content 1.0.2", I 
encountered the following problem:

{code}
$ sh check_staged_release.sh 1995 /tmp/sling-staging
################################################################################
                           DOWNLOAD STAGED REPOSITORY                           
################################################################################
2018-10-16 15:22:42 
URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/
 [1711] -> "/tmp/sling-staging/1995/org/apache/sling/index.html.tmp" [1]
2018-10-16 15:22:44 
URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.auth.form/
 [2554] -> 
"/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/index.html.tmp"
 [1]
2018-10-16 15:22:45 
URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.starter.content/
 [2588] -> 
"/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.starter.content/index.html.tmp"
 [1]
.....
.....
FINISHED --2018-10-16 15:23:34--
Total wall clock time: 52s
Downloaded: 47 files, 579K in 0.5s (1.25 MB/s)
################################################################################
                          CHECK SIGNATURES AND DIGESTS                          
################################################################################
/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/maven-metadata.xml
gpg:  ----
md5 : GOOD (f165e0092858ee6f6b2301e0d17b1bf3)
sha1 : GOOD (2625d5c75b4b4efd0c43258a6c0dfeef3049d6f1)
/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.jar
gpg:  BAD!!!!!!!!
md5 : GOOD (101ab3cee4ba891e9c6441e55a1166a0)
sha1 : GOOD (e1e9a32459688ff2e5d9fb6effc561eba708334d)
/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-sources.jar
gpg:  BAD!!!!!!!!
md5 : GOOD (b8c81df2190741f3b0af50db369fa397)
sha1 : GOOD (6cd5ca4fb9ca64dd363846513502716d7aa8f0ae)
/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-javadoc.jar
.....
.....
################################################################################
{code}
Taking out the piping to /dev/null in { gpg --verify $f.asc 2>/dev/null}} I got 
the root cause:
{code}
md5 : GOOD (21db726f5e7241cf619ca1ccb2105ab8)
sha1 : GOOD (003bedc98bde6c4673241413c8cbe4e910364be3)
/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom
gpg: assuming signed data in 
'/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom'
gpg: Signature made Tue Oct 16 08:57:50 2018 EDT
gpg:                using RSA key 0A665C4670B478BF12235CCD339508654F63EC54
gpg: Can't check signature: No public key
gpg:  BAD!!!!!!!!
{code}

Now the key can be imported using {{gpg --keyserver pool.sks-keyservers.net 
--recv-keys <key>}}. This should happen automatically. 


> Improve check_staged_release.sh to automatically receive the relevant gpg key
> -----------------------------------------------------------------------------
>
>                 Key: SLING-8029
>                 URL: https://issues.apache.org/jira/browse/SLING-8029
>             Project: Sling
>          Issue Type: Task
>            Reporter: Georg Henzler
>            Assignee: Georg Henzler
>            Priority: Major
>
> When trying to validate the recent release for "Apache Sling Form Based 
> Authentication Handler 1.0.12, Apache Sling Starter Content 1.0.2", I 
> encountered the following problem:
> {code}
> $ sh check_staged_release.sh 1995 /tmp/sling-staging
> ################################################################################
>                            DOWNLOAD STAGED REPOSITORY                         
>   
> ################################################################################
> 2018-10-16 15:22:42 
> URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/
>  [1711] -> "/tmp/sling-staging/1995/org/apache/sling/index.html.tmp" [1]
> 2018-10-16 15:22:44 
> URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.auth.form/
>  [2554] -> 
> "/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/index.html.tmp"
>  [1]
> 2018-10-16 15:22:45 
> URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.starter.content/
>  [2588] -> 
> "/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.starter.content/index.html.tmp"
>  [1]
> .....
> .....
> FINISHED --2018-10-16 15:23:34--
> Total wall clock time: 52s
> Downloaded: 47 files, 579K in 0.5s (1.25 MB/s)
> ################################################################################
>                           CHECK SIGNATURES AND DIGESTS                        
>   
> ################################################################################
> /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/maven-metadata.xml
> gpg:  ----
> md5 : GOOD (f165e0092858ee6f6b2301e0d17b1bf3)
> sha1 : GOOD (2625d5c75b4b4efd0c43258a6c0dfeef3049d6f1)
> /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.jar
> gpg:  BAD!!!!!!!!
> md5 : GOOD (101ab3cee4ba891e9c6441e55a1166a0)
> sha1 : GOOD (e1e9a32459688ff2e5d9fb6effc561eba708334d)
> /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-sources.jar
> gpg:  BAD!!!!!!!!
> md5 : GOOD (b8c81df2190741f3b0af50db369fa397)
> sha1 : GOOD (6cd5ca4fb9ca64dd363846513502716d7aa8f0ae)
> /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-javadoc.jar
> .....
> .....
> ################################################################################
> {code}
> Taking out the piping to /dev/null in { gpg --verify $f.asc 2>/dev/null}} I 
> got the root cause:
> {code}
> md5 : GOOD (21db726f5e7241cf619ca1ccb2105ab8)
> sha1 : GOOD (003bedc98bde6c4673241413c8cbe4e910364be3)
> /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom
> gpg: assuming signed data in 
> '/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom'
> gpg: Signature made Tue Oct 16 08:57:50 2018 EDT
> gpg:                using RSA key 0A665C4670B478BF12235CCD339508654F63EC54
> gpg: Can't check signature: No public key
> gpg:  BAD!!!!!!!!
> {code}
> Now the key can be imported using {{gpg --keyserver pool.sks-keyservers.net 
> --recv-keys <key>}}. This should happen automatically. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (SLING-8029) Improve check_staged_release.sh to automatically receive the relevant gpg key

Reply via email to