Thanks... but that's not quite usable unless one download *all artefacts*, see:
wget https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0.tar.gz wget https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/sha512sums.sha512 /usr/bin/sha512sum -c sha512sums.sha512 /usr/bin/sha512sum: RELEASE_NOTES.html: No such file or directory RELEASE_NOTES.html: FAILED open or read /usr/bin/sha512sum: RELEASE_NOTES.html.asc: No such file or directory RELEASE_NOTES.html.asc: FAILED open or read /usr/bin/sha512sum: apache-storm-2.5.0-src.tar.gz: No such file or directory apache-storm-2.5.0-src.tar.gz: FAILED open or read /usr/bin/sha512sum: apache-storm-2.5.0-src.tar.gz.asc: No such file or directory apache-storm-2.5.0-src.tar.gz.asc: FAILED open or read /usr/bin/sha512sum: apache-storm-2.5.0-src.zip: No such file or directory apache-storm-2.5.0-src.zip: FAILED open or read /usr/bin/sha512sum: apache-storm-2.5.0-src.zip.asc: No such file or directory apache-storm-2.5.0-src.zip.asc: FAILED open or read /usr/bin/sha512sum: apache-storm-2.5.0.pom: No such file or directory apache-storm-2.5.0.pom: FAILED open or read /usr/bin/sha512sum: apache-storm-2.5.0.pom.asc: No such file or directory apache-storm-2.5.0.pom.asc: FAILED open or read apache-storm-2.5.0.tar.gz: OK /usr/bin/sha512sum: apache-storm-2.5.0.tar.gz.asc: No such file or directory apache-storm-2.5.0.tar.gz.asc: FAILED open or read /usr/bin/sha512sum: apache-storm-2.5.0.zip: No such file or directory apache-storm-2.5.0.zip: FAILED open or read /usr/bin/sha512sum: apache-storm-2.5.0.zip.asc: No such file or directory apache-storm-2.5.0.zip.asc: FAILED open or read /usr/bin/sha512sum: WARNING: 11 listed files could not be read I tried to "corrupt" apache-storm-2.5.0.tar.gz and run the same command, the corrupted file is detected, but that key information is a bit burried into the many lines of 'sha512sum -c sha512sums.sha512' output... Couldn't we have one .sha512 per file but with some sed or awk command that post-processes gpg's output to turn the hexadecimal into a one-liner compatible with sha512sum ? On a side note, the use of sha512sum is advertised on Apache Fundation's site to verify sha512's signatures: https://www.apache.org/info/verification.html Even more puzzling is the fact that Apache Kafka's recent signature are also multi-line, see at: https://kafka.apache.org/downloads and I test: wget https://downloads.apache.org/kafka/3.5.1/kafka-3.5.1-src.tgz wget https://downloads.apache.org/kafka/3.5.1/kafka-3.5.1-src.tgz.sha512 sha512sum -c kafka-3.5.1-src.tgz.sha512 sha512sum: kafka-3.5.1-src.tgz.sha512: no properly formatted SHA512 checksum lines found => So your .sha512 files initially published aren't worse than Apache Kafka's... but now I'm wondering why somebody seems to care?? Anyway, in parallel I'm running tests with this 2.5.0 RC2, I'll will provide feedbacks on that one too ASAP Thanks, Alex Le mar. 25 juil. 2023 à 19:40, Bipin Prasad <bipinpra...@apache.org> a écrit : > > I have removed the .sha512 files generated via gpg and created one single > sha512 file with all the checksums. Please check again. Thanks > > On 2023/07/25 17:27:14 Bipin Prasad wrote: > > Looks like gpg does not generate checksum in the format expected by > > sha512sum. > > sha512sum expects one line of the format: > > <not-space-separated-checksum> space <filemame> > > > > gpg generates: > > <filemame> : <multiline-space-separated-checksum-words> > > > > So when I take the checksum file: > > apache-storm-2.5.0-src.zip: 8ABE6595 4C51B310 BA226021 29253788 0201BF9D > > 92DC24D7 A00FEBAE 809D0F91 EC772FAC C433F16B > > B56F958E 2D2EDF21 0814A02B 58819949 E26B574B > > A75BF1B9 > > and change it to: > > 8ABE65954C51B310BA226021292537880201BF9D92DC24D7A00FEBAE809D0F91EC772FACC433F16BB56F958E2D2EDF210814A02B58819949E26B574BA75BF1B9 > > apache-storm-2.5.0-src.zip > > > > and run sha512sum it works. > > > > On 2023/07/25 17:13:15 Bipin Prasad wrote: > > > The sha512 files were generated by "gpg --print-md SHA512" command. Will > > > check why sha512sum does not think it is valid file. > > > > > > On 2023/07/25 16:50:50 Alexandre Vermeerbergen wrote: > > > > Hello, > > > > > > > > Great ! > > > > But I'm facing again an issue with SHA512 validation of the source > > > > archive: > > > > > > > > wget > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0-src.tar.gz > > > > wget > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0-src.tar.gz.sha512 > > > > sha512sum -c apache-storm-2.5.0-src.tar.gz.sha512 > > > > sha512sum: apache-storm-2.5.0-src.tar.gz.sha512: no properly formatted > > > > SHA512 checksum lines found > > > > > > > > same issue with this binary artifact: > > > > > > > > wget > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0.tar.gz > > > > wget > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0.tar.gz.sha512 > > > > sha512sum -c apache-storm-2.5.0.tar.gz.sha512 > > > > sha512sum: apache-storm-2.5.0.tar.gz.sha512: no properly formatted > > > > SHA512 checksum lines found > > > > > > > > So I guess that's not good for a final 2.5.0 release isn't it ? > > > > > > > > Thanks, > > > > Alex > > > > > > > > Le mar. 25 juil. 2023 à 17:29, Bipin Prasad <bipinpra...@apache.org> a > > > > écrit : > > > > > > > > > > Storm Release candidate version 2.5.0 rc2 is here: > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2 > > > > > Please vote on this release. > > > > > > > > > > 1. How to vote is described here: > > > > > > > > > > https://github.com/apache/storm/blob/master/RELEASING.md#how-to-vote-on-a-release-candidate > > > > > 2. Release notes are here: > > > > > > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/RELEASE_NOTES.html > > > > > . > > > > > 3. The tag/commit to be voted upon is v2.5.0: > > > > > 4. The source archive being votes upon is here: > > > > > > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0-src.tar.gz > > > > > 5. The release artifacts are signed with the following key: > > > > > > > > > > https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x134716af768d9b6e > > > > > in > > > > > this file https://www.apache.org/dist/storm/KEYS > > > > > > > > > > > > > > > When voting, please list the actions taken to verify the release. > > > > > This vote will be open for at least 72 hours. > > > > > > > > > > [ ] +1 Release this package as Apache Storm 2.5.0 > > > > > [ ] 0 No opinion > > > > > [ ] -1 Do not release this package because... > > > > > > > > > > Thanks to everyone who contributed to this release. > > > > > > > > > > --Bipin Prasad > > > > > > > > > > On Mon, Jun 26, 2023 at 4:15 PM Bipin Prasad <bipinpra...@apache.org> > > > > > wrote: > > > > > > > > > > > Storm Release candidate version 2.5.0 rc1 is here: > > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc1 > > > > > > Please vote on this release. > > > > > > > > > > > > 1. How to vote is described here: > > > > > > > > > > > > https://github.com/apache/storm/blob/master/RELEASING.md#how-to-vote-on-a-release-candidate > > > > > > 2. Release notes are here: > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc1/RELEASE_NOTES.html > > > > > > . > > > > > > 3. The tag/commit to be voted upon is v2.5.0: > > > > > > 4. The source archive being votes upon is here: > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc1/apache-storm-2.5.0-src.tar.gz > > > > > > 5. The release artifacts are signed with the following key: > > > > > > > > > > > > https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x134716af768d9b6e > > > > > > in this file https://www.apache.org/dist/storm/KEYS > > > > > > > > > > > > > > > > > > When voting, please list the actions taken to verify the release. > > > > > > This vote will be open for at least 72 hours. > > > > > > > > > > > > [ ] +1 Release this package as Apache Storm 2.5.0 > > > > > > [ ] 0 No opinion > > > > > > [ ] -1 Do not release this package because... > > > > > > > > > > > > Thanks to everyone who contributed to this release. > > > > > > > > > > > > --Bipin Prasad > > > > > > > > > > > > > > >
