[ https://issues.apache.org/jira/browse/SLING-8029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Georg Henzler updated SLING-8029: --------------------------------- Description: When trying to validate the recent release for "Apache Sling Form Based Authentication Handler 1.0.12, Apache Sling Starter Content 1.0.2", I encountered the following problem: {code} $ sh check_staged_release.sh 1995 /tmp/sling-staging ################################################################################ DOWNLOAD STAGED REPOSITORY ################################################################################ 2018-10-16 15:22:42 URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/ [1711] -> "/tmp/sling-staging/1995/org/apache/sling/index.html.tmp" [1] 2018-10-16 15:22:44 URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.auth.form/ [2554] -> "/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/index.html.tmp" [1] 2018-10-16 15:22:45 URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.starter.content/ [2588] -> "/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.starter.content/index.html.tmp" [1] ..... ..... FINISHED --2018-10-16 15:23:34-- Total wall clock time: 52s Downloaded: 47 files, 579K in 0.5s (1.25 MB/s) ################################################################################ CHECK SIGNATURES AND DIGESTS ################################################################################ /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/maven-metadata.xml gpg: ---- md5 : GOOD (f165e0092858ee6f6b2301e0d17b1bf3) sha1 : GOOD (2625d5c75b4b4efd0c43258a6c0dfeef3049d6f1) /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.jar gpg: BAD!!!!!!!! md5 : GOOD (101ab3cee4ba891e9c6441e55a1166a0) sha1 : GOOD (e1e9a32459688ff2e5d9fb6effc561eba708334d) /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-sources.jar gpg: BAD!!!!!!!! md5 : GOOD (b8c81df2190741f3b0af50db369fa397) sha1 : GOOD (6cd5ca4fb9ca64dd363846513502716d7aa8f0ae) /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-javadoc.jar ..... ..... ################################################################################ {code} Taking out the piping to /dev/null in { gpg --verify $f.asc 2>/dev/null}} I got the root cause: {code} md5 : GOOD (21db726f5e7241cf619ca1ccb2105ab8) sha1 : GOOD (003bedc98bde6c4673241413c8cbe4e910364be3) /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom gpg: assuming signed data in '/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom' gpg: Signature made Tue Oct 16 08:57:50 2018 EDT gpg: using RSA key 0A665C4670B478BF12235CCD339508654F63EC54 gpg: Can't check signature: No public key gpg: BAD!!!!!!!! {code} Now the key can be imported using {{gpg --keyserver pool.sks-keyservers.net --recv-keys <key>}}. This should happen automatically. > Improve check_staged_release.sh to automatically receive the relevant gpg key > ----------------------------------------------------------------------------- > > Key: SLING-8029 > URL: https://issues.apache.org/jira/browse/SLING-8029 > Project: Sling > Issue Type: Task > Reporter: Georg Henzler > Assignee: Georg Henzler > Priority: Major > > When trying to validate the recent release for "Apache Sling Form Based > Authentication Handler 1.0.12, Apache Sling Starter Content 1.0.2", I > encountered the following problem: > {code} > $ sh check_staged_release.sh 1995 /tmp/sling-staging > ################################################################################ > DOWNLOAD STAGED REPOSITORY > > ################################################################################ > 2018-10-16 15:22:42 > URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/ > [1711] -> "/tmp/sling-staging/1995/org/apache/sling/index.html.tmp" [1] > 2018-10-16 15:22:44 > URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.auth.form/ > [2554] -> > "/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/index.html.tmp" > [1] > 2018-10-16 15:22:45 > URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.starter.content/ > [2588] -> > "/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.starter.content/index.html.tmp" > [1] > ..... > ..... > FINISHED --2018-10-16 15:23:34-- > Total wall clock time: 52s > Downloaded: 47 files, 579K in 0.5s (1.25 MB/s) > ################################################################################ > CHECK SIGNATURES AND DIGESTS > > ################################################################################ > /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/maven-metadata.xml > gpg: ---- > md5 : GOOD (f165e0092858ee6f6b2301e0d17b1bf3) > sha1 : GOOD (2625d5c75b4b4efd0c43258a6c0dfeef3049d6f1) > /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.jar > gpg: BAD!!!!!!!! > md5 : GOOD (101ab3cee4ba891e9c6441e55a1166a0) > sha1 : GOOD (e1e9a32459688ff2e5d9fb6effc561eba708334d) > /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-sources.jar > gpg: BAD!!!!!!!! > md5 : GOOD (b8c81df2190741f3b0af50db369fa397) > sha1 : GOOD (6cd5ca4fb9ca64dd363846513502716d7aa8f0ae) > /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-javadoc.jar > ..... > ..... > ################################################################################ > {code} > Taking out the piping to /dev/null in { gpg --verify $f.asc 2>/dev/null}} I > got the root cause: > {code} > md5 : GOOD (21db726f5e7241cf619ca1ccb2105ab8) > sha1 : GOOD (003bedc98bde6c4673241413c8cbe4e910364be3) > /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom > gpg: assuming signed data in > '/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom' > gpg: Signature made Tue Oct 16 08:57:50 2018 EDT > gpg: using RSA key 0A665C4670B478BF12235CCD339508654F63EC54 > gpg: Can't check signature: No public key > gpg: BAD!!!!!!!! > {code} > Now the key can be imported using {{gpg --keyserver pool.sks-keyservers.net > --recv-keys <key>}}. This should happen automatically. -- This message was sent by Atlassian JIRA (v7.6.3#76005)