Ran all tests from the php end. Everything passes. Actually added a couple more and those also pass.
VOTE: +1 On Fri, Apr 6, 2018 at 9:29 AM, Jason Plurad <[email protected]> wrote: > Validated the binaries, did several manual tests with the Gremlin Server + > Gremlin Console, looked over the documentation. > > The instructions on the download page to verify with gpg manually are fine > since the output does say "Good signature" even with the [unknown] suffix. > > VOTE: +1 > > On Wed, Apr 4, 2018 at 2:08 PM, Daniel Kuppitz <[email protected]> wrote: > > > With the suffix ignored it all looks good. > > > > Validating binary distributions > > > > * downloading Apache TinkerPop Gremlin > > (apache-tinkerpop-gremlin-console-3.3.2-bin.zip)... OK > > * validating signatures and checksums ... > > * PGP signature ... OK > > * MD5 checksum ... OK > > * SHA1 checksum ... OK > > * unzipping Apache TinkerPop Gremlin ... OK > > * validating Apache TinkerPop Gremlin's docs ... OK > > * validating Apache TinkerPop Gremlin's binaries ... OK > > * validating Apache TinkerPop Gremlin's legal files ... > > * LICENSE ... OK > > * NOTICE ... OK > > * validating Apache TinkerPop Gremlin's plugin directory ... OK > > * validating Apache TinkerPop Gremlin's lib directory ... OK > > * testing script evaluation ... OK > > > > * downloading Apache TinkerPop Gremlin > > (apache-tinkerpop-gremlin-server-3.3.2-bin.zip)... OK > > * validating signatures and checksums ... > > * PGP signature ... OK > > * MD5 checksum ... OK > > * SHA1 checksum ... OK > > * unzipping Apache TinkerPop Gremlin ... OK > > * validating Apache TinkerPop Gremlin's docs ... OK > > * validating Apache TinkerPop Gremlin's binaries ... OK > > * validating Apache TinkerPop Gremlin's legal files ... > > * LICENSE ... OK > > * NOTICE ... OK > > * validating Apache TinkerPop Gremlin's plugin directory ... OK > > * validating Apache TinkerPop Gremlin's lib directory ... OK > > > > Validating source distribution > > > > * downloading Apache TinkerPop 3.3.2 (apache-tinkerpop-3.3.2-src.zip)... > > OK > > * validating signatures and checksums ... > > * PGP signature ... OK > > * MD5 checksum ... OK > > * SHA1 checksum ... OK > > * unzipping Apache TinkerPop 3.3.2 ... OK > > * building project ... OK > > > > > > VOTE: +1 (if nobody has any objections regarding the suffix) > > > > Furthermore, here's the output of the verification step shown on the > > download page: > > > > $ gpg --verify apache-tinkerpop-3.3.2-src.zip.asc > > apache-tinkerpop-3.3.2-src.zip > > gpg: Signature made Tue 03 Apr 2018 12:45:53 PM MST > > gpg: using RSA key EA53A99854EAB0E6 > > gpg: Good signature from "Stephen Mallette <[email protected]>" > > [unknown] > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to the > > owner. > > Primary key fingerprint: 0871 A360 AAB5 FD42 2516 E2FB EA53 A998 54EA > B0E6 > > > > > > Cheers, > > Daniel > > > > > > On Wed, Apr 4, 2018 at 1:59 PM, Daniel Kuppitz <[email protected]> wrote: > > > > > Much newer. > > > > > > $ gpg --version > > > gpg (GnuPG) 2.1.15 > > > libgcrypt 1.7.8 > > > Copyright (C) 2016 Free Software Foundation, Inc. > > > License GPLv3+: GNU GPL version 3 or later < > https://gnu.org/licenses/gpl > > . > > > html> > > > This is free software: you are free to change and redistribute it. > > > There is NO WARRANTY, to the extent permitted by law. > > > > > > Home: /home/daniel/.gnupg > > > Supported algorithms: > > > Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA > > > Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, > > > CAMELLIA128, CAMELLIA192, CAMELLIA256 > > > Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 > > > Compression: Uncompressed, ZIP, ZLIB, BZIP2 > > > > > > > > > > > > On Wed, Apr 4, 2018 at 1:57 PM, Stephen Mallette <[email protected] > > > > > wrote: > > > > > >> out of curiosity - what gpg version do you have? i'm on: > > >> > > >> $ gpg --version > > >> gpg (GnuPG) 1.4.16 > > >> > > >> is that ancient or something? i'd be curious if anyone else has this > > >> problem. it's also semi-concerning that this doesn't work because we'd > > >> want > > >> to the verification to behave right with the instructions we have > here: > > >> > > >> http://tinkerpop.apache.org/downloads.html > > >> > > >> wonder if that's a problem too? > > >> > > >> > > >> > > >> On Wed, Apr 4, 2018 at 4:54 PM, Daniel Kuppitz <[email protected]> > wrote: > > >> > > >> > Either this or I might have a newer gpg version which changed the > > output > > >> > slightly. We already ignore the suffix for Ted and Jason, so I guess > > we > > >> > should just use the same pattern for everyone. I can CTR this change > > >> into > > >> > all main branches; it's just that: > > >> > > > >> > -[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature > from > > >> > "Stephen Mallette <[email protected]>"$'` -eq 1 ] || \ > > >> > -[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature > from > > >> > "Marko Rodriguez <[email protected]>"$'` -eq 1 ] || \ > > >> > +[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature > from > > >> > "Stephen Mallette <[email protected]>"'` -eq 1 ] || \ > > >> > +[ `gpg ${ZIP_FILENAME}.asc 2>&1 | grep -c '^gpg: Good signature > from > > >> > "Marko Rodriguez <[email protected]>"'` -eq 1 ] || \ > > >> > > > >> > Cheers, > > >> > Daniel > > >> > > > >> > > > >> > On Wed, Apr 4, 2018 at 1:49 PM, Stephen Mallette < > > [email protected]> > > >> > wrote: > > >> > > > >> > > I haven't changed anything - i wonder why this is suddenly an > > issue. I > > >> > > guess it worked for me locally because i was the person who signed > > it? > > >> > > > > >> > > On Wed, Apr 4, 2018 at 4:47 PM, Daniel Kuppitz <[email protected]> > > >> wrote: > > >> > > > > >> > > > gpg: Signature made Tue 03 Apr 2018 12:53:16 PM MST > > >> > > > gpg: using RSA key EA53A99854EAB0E6 > > >> > > > gpg: Good signature from "Stephen Mallette < > [email protected] > > >" > > >> > > > [unknown] > > >> > > > gpg: WARNING: This key is not certified with a trusted > signature! > > >> > > > gpg: There is no indication that the signature belongs > to > > >> the > > >> > > > owner. > > >> > > > Primary key fingerprint: 0871 A360 AAB5 FD42 2516 E2FB EA53 > A998 > > >> 54EA > > >> > > B0E6 > > >> > > > > > >> > > > The [unkown] suffix is what breaks the check. > > >> > > > > > >> > > > If you haven't changed anything in the way you're signing the > > >> > artifacts, > > >> > > we > > >> > > > can probably just ignore the suffix. > > >> > > > > > >> > > > > > >> > > > > > >> > > > On Wed, Apr 4, 2018 at 1:39 PM, Daniel Kuppitz <[email protected] > > > > >> > wrote: > > >> > > > > > >> > > > > The PGP signature check fails for me. > > >> > > > > > > >> > > > > daniel@cube /projects/apache/tinkerpop (tp33) $ > > >> > > > > bin/validate-distribution.sh 3.3.2 > > >> > > > > > > >> > > > > Validating binary distributions > > >> > > > > > > >> > > > > * downloading Apache TinkerPop Gremlin > > (apache-tinkerpop-gremlin- > > >> > > > console-3.3.2-bin.zip)... > > >> > > > > OK > > >> > > > > * validating signatures and checksums ... > > >> > > > > * PGP signature ... failed > > >> > > > > > > >> > > > > daniel@cube /projects/apache/tinkerpop (tp33) $ pushd /tmp > > >> > > > > /tmp /projects/apache/tinkerpop > > >> > > > > daniel@cube /tmp $ wget https://dist.apache.org/repos/ > > >> > > > > dist/dev/tinkerpop/KEYS > > >> > > > > --2018-04-04 13:36:03-- https://dist.apache.org/repos/ > > >> > > > > dist/dev/tinkerpop/KEYS > > >> > > > > Resolving dist.apache.org (dist.apache.org)... 209.188.14.144 > > >> > > > > Connecting to dist.apache.org (dist.apache.org)|209.188.14. > > >> > 144|:443... > > >> > > > > connected. > > >> > > > > HTTP request sent, awaiting response... 200 OK > > >> > > > > Length: 13788 (13K) [text/plain] > > >> > > > > Saving to: ‘KEYS’ > > >> > > > > > > >> > > > > KEYS > > >> > > > > 100%[====================================================== > > >> > > > > ==========================================================>] > > >> 13.46K > > >> > > > > --.-KB/s in 0s > > >> > > > > > > >> > > > > 2018-04-04 13:36:03 (98.0 MB/s) - ‘KEYS’ saved [13788/13788] > > >> > > > > > > >> > > > > daniel@cube /tmp $ gpg --import KEYS > > >> > > > > gpg: key 59028A48CB97E87B: "Marko Rodriguez <[email protected] > >" > > >> not > > >> > > > > changed > > >> > > > > gpg: key EA53A99854EAB0E6: "Stephen Mallette < > > >> [email protected] > > >> > >" > > >> > > > not > > >> > > > > changed > > >> > > > > gpg: key A39CC3ADAEAEF36E: "Theodore Ratte Wilmes (CODE > SIGNING > > >> KEY) > > >> > < > > >> > > > > [email protected]>" not changed > > >> > > > > gpg: key 66B85FF141802BA8: "Jason Plurad (CODE SIGNING KEY) < > > >> > > > > [email protected]>" not changed > > >> > > > > gpg: Total number processed: 4 > > >> > > > > gpg: unchanged: 4 > > >> > > > > daniel@cube /tmp $ popd > > >> > > > > /projects/apache/tinkerpop > > >> > > > > daniel@cube /projects/apache/tinkerpop (tp33) $ > > >> > > > > bin/validate-distribution.sh 3.3.2 > > >> > > > > > > >> > > > > Validating binary distributions > > >> > > > > > > >> > > > > * downloading Apache TinkerPop Gremlin > > (apache-tinkerpop-gremlin- > > >> > > > console-3.3.2-bin.zip)... > > >> > > > > OK > > >> > > > > * validating signatures and checksums ... > > >> > > > > * PGP signature ... failed > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > Cheers, > > >> > > > > Daniel > > >> > > > > > > >> > > > > > > >> > > > > On Tue, Apr 3, 2018 at 2:05 PM, Stephen Mallette < > > >> > [email protected] > > >> > > > > > >> > > > > wrote: > > >> > > > > > > >> > > > >> Hello, > > >> > > > >> > > >> > > > >> We are happy to announce that TinkerPop 3.3.2 is ready for > > >> release. > > >> > > > >> > > >> > > > >> The release artifacts can be found at this location: > > >> > > > >> https://dist.apache.org/repos/ > > dist/dev/tinkerpop/3.3.2/ > > >> > > > >> > > >> > > > >> The source distribution is provided by: > > >> > > > >> apache-tinkerpop-3.3.2-src.zip > > >> > > > >> > > >> > > > >> Two binary distributions are provided for user convenience: > > >> > > > >> apache-tinkerpop-gremlin-console-3.3.2-bin.zip > > >> > > > >> apache-tinkerpop-gremlin-server-3.3.2-bin.zip > > >> > > > >> > > >> > > > >> The GPG key used to sign the release artifacts is available > at: > > >> > > > >> https://dist.apache.org/repos/dist/dev/tinkerpop/KEYS > > >> > > > >> > > >> > > > >> The online docs can be found here: > > >> > > > >> http://tinkerpop.apache.org/docs/3.3.2/ (user docs) > > >> > > > >> http://tinkerpop.apache.org/docs/3.3.2/upgrade/ > > (upgrade > > >> > > docs) > > >> > > > >> http://tinkerpop.apache.org/javadocs/3.3.2/core/ > (core > > >> > > javadoc) > > >> > > > >> http://tinkerpop.apache.org/javadocs/3.3.2/full/ > (full > > >> > > javadoc) > > >> > > > >> > > >> > > > >> The tag in Apache Git can be found here: > > >> > > > >> > > >> > > > >> https://git-wip-us.apache.org/repos/asf?p=tinkerpop.git;a=ta > > >> > > > >> g;h=5938d84a350e048357e3b40f335a0ed161180cc3 > > >> > > > >> > > >> > > > >> The release notes are available here (i linked to the branch > - > > >> > github > > >> > > > >> hasn't sync'd the tag yet for some reason - not sure what the > > >> delay > > >> > is > > >> > > > >> with > > >> > > > >> Apache infra): > > >> > > > >> > > >> > > > >> https://github.com/apache/tinkerpop/blob/tp33/CHANGELOG.asci > > >> > > > >> idoc#release-3-3-2 > > >> > > > >> > > >> > > > >> The [VOTE] will be open for the next 72 hours --- closing > > Friday, > > >> > > April > > >> > > > 6, > > >> > > > >> 2018 at 5:00pm EST. > > >> > > > >> > > >> > > > >> My vote is +1. > > >> > > > >> > > >> > > > >> Thank you very much, > > >> > > > >> Stephen > > >> > > > >> > > >> > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > > > > > > > >
