Thanks for pointing this out. I have reverted to using individual sha512 files - generated via sha512sum command. These have been pushed to svn link.
On 2023/07/25 18:03:06 Alexandre Vermeerbergen wrote: > Thanks... but that's not quite usable unless one download *all artefacts*, > see: > > wget > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0.tar.gz > wget > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/sha512sums.sha512 > /usr/bin/sha512sum -c sha512sums.sha512 > > /usr/bin/sha512sum: RELEASE_NOTES.html: No such file or directory > RELEASE_NOTES.html: FAILED open or read > /usr/bin/sha512sum: RELEASE_NOTES.html.asc: No such file or directory > RELEASE_NOTES.html.asc: FAILED open or read > /usr/bin/sha512sum: apache-storm-2.5.0-src.tar.gz: No such file or directory > apache-storm-2.5.0-src.tar.gz: FAILED open or read > /usr/bin/sha512sum: apache-storm-2.5.0-src.tar.gz.asc: No such file or > directory > apache-storm-2.5.0-src.tar.gz.asc: FAILED open or read > /usr/bin/sha512sum: apache-storm-2.5.0-src.zip: No such file or directory > apache-storm-2.5.0-src.zip: FAILED open or read > /usr/bin/sha512sum: apache-storm-2.5.0-src.zip.asc: No such file or directory > apache-storm-2.5.0-src.zip.asc: FAILED open or read > /usr/bin/sha512sum: apache-storm-2.5.0.pom: No such file or directory > apache-storm-2.5.0.pom: FAILED open or read > /usr/bin/sha512sum: apache-storm-2.5.0.pom.asc: No such file or directory > apache-storm-2.5.0.pom.asc: FAILED open or read > apache-storm-2.5.0.tar.gz: OK > /usr/bin/sha512sum: apache-storm-2.5.0.tar.gz.asc: No such file or directory > apache-storm-2.5.0.tar.gz.asc: FAILED open or read > /usr/bin/sha512sum: apache-storm-2.5.0.zip: No such file or directory > apache-storm-2.5.0.zip: FAILED open or read > /usr/bin/sha512sum: apache-storm-2.5.0.zip.asc: No such file or directory > apache-storm-2.5.0.zip.asc: FAILED open or read > /usr/bin/sha512sum: WARNING: 11 listed files could not be read > > I tried to "corrupt" apache-storm-2.5.0.tar.gz and run the same > command, the corrupted file is detected, but that key information is a > bit burried into the many lines of 'sha512sum -c sha512sums.sha512' > output... > > Couldn't we have one .sha512 per file but with some sed or awk command > that post-processes gpg's output to turn the hexadecimal into a > one-liner compatible with sha512sum ? > > On a side note, the use of sha512sum is advertised on Apache > Fundation's site to verify sha512's signatures: > https://www.apache.org/info/verification.html > > Even more puzzling is the fact that Apache Kafka's recent signature > are also multi-line, see at: https://kafka.apache.org/downloads and I > test: > > wget https://downloads.apache.org/kafka/3.5.1/kafka-3.5.1-src.tgz > wget https://downloads.apache.org/kafka/3.5.1/kafka-3.5.1-src.tgz.sha512 > sha512sum -c kafka-3.5.1-src.tgz.sha512 > sha512sum: kafka-3.5.1-src.tgz.sha512: no properly formatted SHA512 > checksum lines found > > => So your .sha512 files initially published aren't worse than Apache > Kafka's... but now I'm wondering why somebody seems to care?? > > Anyway, in parallel I'm running tests with this 2.5.0 RC2, I'll will > provide feedbacks on that one too ASAP > > Thanks, > Alex > > Le mar. 25 juil. 2023 à 19:40, Bipin Prasad <bipinpra...@apache.org> a écrit : > > > > I have removed the .sha512 files generated via gpg and created one single > > sha512 file with all the checksums. Please check again. Thanks > > > > On 2023/07/25 17:27:14 Bipin Prasad wrote: > > > Looks like gpg does not generate checksum in the format expected by > > > sha512sum. > > > sha512sum expects one line of the format: > > > <not-space-separated-checksum> space <filemame> > > > > > > gpg generates: > > > <filemame> : <multiline-space-separated-checksum-words> > > > > > > So when I take the checksum file: > > > apache-storm-2.5.0-src.zip: 8ABE6595 4C51B310 BA226021 29253788 0201BF9D > > > 92DC24D7 A00FEBAE 809D0F91 EC772FAC C433F16B > > > B56F958E 2D2EDF21 0814A02B 58819949 E26B574B > > > A75BF1B9 > > > and change it to: > > > 8ABE65954C51B310BA226021292537880201BF9D92DC24D7A00FEBAE809D0F91EC772FACC433F16BB56F958E2D2EDF210814A02B58819949E26B574BA75BF1B9 > > > apache-storm-2.5.0-src.zip > > > > > > and run sha512sum it works. > > > > > > On 2023/07/25 17:13:15 Bipin Prasad wrote: > > > > The sha512 files were generated by "gpg --print-md SHA512" command. > > > > Will check why sha512sum does not think it is valid file. > > > > > > > > On 2023/07/25 16:50:50 Alexandre Vermeerbergen wrote: > > > > > Hello, > > > > > > > > > > Great ! > > > > > But I'm facing again an issue with SHA512 validation of the source > > > > > archive: > > > > > > > > > > wget > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0-src.tar.gz > > > > > wget > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0-src.tar.gz.sha512 > > > > > sha512sum -c apache-storm-2.5.0-src.tar.gz.sha512 > > > > > sha512sum: apache-storm-2.5.0-src.tar.gz.sha512: no properly formatted > > > > > SHA512 checksum lines found > > > > > > > > > > same issue with this binary artifact: > > > > > > > > > > wget > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0.tar.gz > > > > > wget > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0.tar.gz.sha512 > > > > > sha512sum -c apache-storm-2.5.0.tar.gz.sha512 > > > > > sha512sum: apache-storm-2.5.0.tar.gz.sha512: no properly formatted > > > > > SHA512 checksum lines found > > > > > > > > > > So I guess that's not good for a final 2.5.0 release isn't it ? > > > > > > > > > > Thanks, > > > > > Alex > > > > > > > > > > Le mar. 25 juil. 2023 à 17:29, Bipin Prasad <bipinpra...@apache.org> > > > > > a écrit : > > > > > > > > > > > > Storm Release candidate version 2.5.0 rc2 is here: > > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2 > > > > > > Please vote on this release. > > > > > > > > > > > > 1. How to vote is described here: > > > > > > > > > > > > https://github.com/apache/storm/blob/master/RELEASING.md#how-to-vote-on-a-release-candidate > > > > > > 2. Release notes are here: > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/RELEASE_NOTES.html > > > > > > . > > > > > > 3. The tag/commit to be voted upon is v2.5.0: > > > > > > 4. The source archive being votes upon is here: > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc2/apache-storm-2.5.0-src.tar.gz > > > > > > 5. The release artifacts are signed with the following key: > > > > > > > > > > > > https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x134716af768d9b6e > > > > > > in > > > > > > this file https://www.apache.org/dist/storm/KEYS > > > > > > > > > > > > > > > > > > When voting, please list the actions taken to verify the release. > > > > > > This vote will be open for at least 72 hours. > > > > > > > > > > > > [ ] +1 Release this package as Apache Storm 2.5.0 > > > > > > [ ] 0 No opinion > > > > > > [ ] -1 Do not release this package because... > > > > > > > > > > > > Thanks to everyone who contributed to this release. > > > > > > > > > > > > --Bipin Prasad > > > > > > > > > > > > On Mon, Jun 26, 2023 at 4:15 PM Bipin Prasad > > > > > > <bipinpra...@apache.org> wrote: > > > > > > > > > > > > > Storm Release candidate version 2.5.0 rc1 is here: > > > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc1 > > > > > > > Please vote on this release. > > > > > > > > > > > > > > 1. How to vote is described here: > > > > > > > > > > > > > > https://github.com/apache/storm/blob/master/RELEASING.md#how-to-vote-on-a-release-candidate > > > > > > > 2. Release notes are here: > > > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc1/RELEASE_NOTES.html > > > > > > > . > > > > > > > 3. The tag/commit to be voted upon is v2.5.0: > > > > > > > 4. The source archive being votes upon is here: > > > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.5.0-rc1/apache-storm-2.5.0-src.tar.gz > > > > > > > 5. The release artifacts are signed with the following key: > > > > > > > > > > > > > > https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x134716af768d9b6e > > > > > > > in this file https://www.apache.org/dist/storm/KEYS > > > > > > > > > > > > > > > > > > > > > When voting, please list the actions taken to verify the release. > > > > > > > This vote will be open for at least 72 hours. > > > > > > > > > > > > > > [ ] +1 Release this package as Apache Storm 2.5.0 > > > > > > > [ ] 0 No opinion > > > > > > > [ ] -1 Do not release this package because... > > > > > > > > > > > > > > Thanks to everyone who contributed to this release. > > > > > > > > > > > > > > --Bipin Prasad > > > > > > > > > > > > > > > > > > > >