[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[ https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16405175#comment-16405175 ] Robert Kanter commented on OOZIE-3189: -- I already updated the wiki :) I think you have to file an INFRA JIRA to ask for edit permissions on the wiki. > Update the release script and wiki page to use sha512 instead of md5 > > > Key: OOZIE-3189 > URL: https://issues.apache.org/jira/browse/OOZIE-3189 > Project: Oozie > Issue Type: Improvement > Components: scripts >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Fix For: 5.0.0 > > Attachments: OOZIE-3189.001.patch, OOZIE-3189.002.patch > > > Apache has updated it's policy on the release signatures, as per it's website > [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a > recent email. Basically, all future releases should be providing a sha512 > checksum instead of an md5 one. > There are two tasks: > # Update the release script to use sha512 instead of md5 > [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71] > [https://www.apache.org/dev/release-signing#sha-checksum] > # Update the wiki (requires committer/pmc permissions?) > [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release] > While we're updating the wiki, we should add details on: > # Making sure the gpg key used for signing releases is 4096 bit RSA > # Publishing your gpg public key to a key server > ([https://www.apache.org/dev/release-signing#keyserver]) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[ https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16404907#comment-16404907 ] Peter Cseh commented on OOZIE-3189: --- Committed to master! I can't update the wiki though even when I'm logging in with my Apache credentials. > Update the release script and wiki page to use sha512 instead of md5 > > > Key: OOZIE-3189 > URL: https://issues.apache.org/jira/browse/OOZIE-3189 > Project: Oozie > Issue Type: Improvement > Components: scripts >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Fix For: 5.0.0 > > Attachments: OOZIE-3189.001.patch, OOZIE-3189.002.patch > > > Apache has updated it's policy on the release signatures, as per it's website > [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a > recent email. Basically, all future releases should be providing a sha512 > checksum instead of an md5 one. > There are two tasks: > # Update the release script to use sha512 instead of md5 > [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71] > [https://www.apache.org/dev/release-signing#sha-checksum] > # Update the wiki (requires committer/pmc permissions?) > [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release] > While we're updating the wiki, we should add details on: > # Making sure the gpg key used for signing releases is 4096 bit RSA > # Publishing your gpg public key to a key server > ([https://www.apache.org/dev/release-signing#keyserver]) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[ https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16404898#comment-16404898 ] Peter Cseh commented on OOZIE-3189: --- Thanks for the fix! It works perfectly now. +1 > Update the release script and wiki page to use sha512 instead of md5 > > > Key: OOZIE-3189 > URL: https://issues.apache.org/jira/browse/OOZIE-3189 > Project: Oozie > Issue Type: Improvement > Components: scripts >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Fix For: 5.0.0 > > Attachments: OOZIE-3189.001.patch, OOZIE-3189.002.patch > > > Apache has updated it's policy on the release signatures, as per it's website > [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a > recent email. Basically, all future releases should be providing a sha512 > checksum instead of an md5 one. > There are two tasks: > # Update the release script to use sha512 instead of md5 > [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71] > [https://www.apache.org/dev/release-signing#sha-checksum] > # Update the wiki (requires committer/pmc permissions?) > [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release] > While we're updating the wiki, we should add details on: > # Making sure the gpg key used for signing releases is 4096 bit RSA > # Publishing your gpg public key to a key server > ([https://www.apache.org/dev/release-signing#keyserver]) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[ https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16399576#comment-16399576 ] Robert Kanter commented on OOZIE-3189: -- Test failures are unrelated > Update the release script and wiki page to use sha512 instead of md5 > > > Key: OOZIE-3189 > URL: https://issues.apache.org/jira/browse/OOZIE-3189 > Project: Oozie > Issue Type: Improvement > Components: scripts >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Fix For: 5.0.0 > > Attachments: OOZIE-3189.001.patch, OOZIE-3189.002.patch > > > Apache has updated it's policy on the release signatures, as per it's website > [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a > recent email. Basically, all future releases should be providing a sha512 > checksum instead of an md5 one. > There are two tasks: > # Update the release script to use sha512 instead of md5 > [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71] > [https://www.apache.org/dev/release-signing#sha-checksum] > # Update the wiki (requires committer/pmc permissions?) > [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release] > While we're updating the wiki, we should add details on: > # Making sure the gpg key used for signing releases is 4096 bit RSA > # Publishing your gpg public key to a key server > ([https://www.apache.org/dev/release-signing#keyserver]) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[
https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16399571#comment-16399571
]
Hadoop QA commented on OOZIE-3189:
--
Testing JIRA OOZIE-3189
Cleaning local git workspace
{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:red}-1 RAW_PATCH_ANALYSIS{color}
.{color:green}+1{color} the patch does not introduce any @author tags
.{color:green}+1{color} the patch does not introduce any tabs
.{color:green}+1{color} the patch does not introduce any trailing spaces
.{color:green}+1{color} the patch does not introduce any line longer than
132
.{color:red}-1{color} the patch does not add/modify any testcase
{color:green}+1 RAT{color}
.{color:green}+1{color} the patch does not seem to introduce new RAT
warnings
{color:green}+1 JAVADOC{color}
.{color:green}+1{color} the patch does not seem to introduce new Javadoc
warnings
.{color:red}WARNING{color}: the current HEAD has 100 Javadoc warning(s)
{color:green}+1 COMPILE{color}
.{color:green}+1{color} HEAD compiles
.{color:green}+1{color} patch compiles
.{color:green}+1{color} the patch does not seem to introduce new javac
warnings
{color:green}+1{color} There are no new bugs found in total.
. {color:green}+1{color} There are no new bugs found in [examples].
. {color:green}+1{color} There are no new bugs found in [core].
. {color:green}+1{color} There are no new bugs found in [sharelib/distcp].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive].
. {color:green}+1{color} There are no new bugs found in [sharelib/pig].
. {color:green}+1{color} There are no new bugs found in [sharelib/spark].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive2].
. {color:green}+1{color} There are no new bugs found in [sharelib/hcatalog].
. {color:green}+1{color} There are no new bugs found in [sharelib/sqoop].
. {color:green}+1{color} There are no new bugs found in [sharelib/oozie].
. {color:green}+1{color} There are no new bugs found in [sharelib/streaming].
. {color:green}+1{color} There are no new bugs found in [webapp].
. {color:green}+1{color} There are no new bugs found in [tools].
. {color:green}+1{color} There are no new bugs found in [docs].
. {color:green}+1{color} There are no new bugs found in [server].
. {color:green}+1{color} There are no new bugs found in [client].
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
.{color:green}+1{color} the patch does not change any JPA
Entity/Colum/Basic/Lob/Transient annotations
.{color:green}+1{color} the patch does not modify JPA files
{color:red}-1 TESTS{color}
.Tests run: 2096
.Tests failed: 17
.Tests errors: 12
.The patch failed the following testcases:
testCoordActionRecoveryServiceForWaitingRegisterPartition(org.apache.oozie.service.TestRecoveryService)
testCoordinatorActionSelectors(org.apache.oozie.jms.TestJMSJobEventListener)
testCoordinatorActionSelectorsNegative(org.apache.oozie.jms.TestJMSJobEventListener)
testWorkflowJobSelectors(org.apache.oozie.jms.TestJMSJobEventListener)
testOnCoordinatorJobSuccessEvent(org.apache.oozie.jms.TestJMSJobEventListener)
testOnWorkflowJobSuspendEvent(org.apache.oozie.jms.TestJMSJobEventListener)
testWorkflowJobSelectorsAnd(org.apache.oozie.jms.TestJMSJobEventListener)
testOnCoordinatorJobFailureEvent(org.apache.oozie.jms.TestJMSJobEventListener)
testConnectionDrop(org.apache.oozie.jms.TestJMSJobEventListener)
testWorkflowJobSelectorsNegative(org.apache.oozie.jms.TestJMSJobEventListener)
testWorkflowJobSelectorsOr(org.apache.oozie.jms.TestJMSJobEventListener)
testOnWorkflowJobSuccessEvent(org.apache.oozie.jms.TestJMSJobEventListener)
testOnCoordinatorActionWaitingEvent(org.apache.oozie.jms.TestJMSJobEventListener)
testOnWorkflowJobFailureEvent(org.apache.oozie.jms.TestJMSJobEventListener)
testOnCoordinatorActionStartEvent(org.apache.oozie.jms.TestJMSJobEventListener)
testOnWorkflowJobStartedEvent(org.apache.oozie.jms.TestJMSJobEventListener)
testPartitionDependency(org.apache.oozie.service.TestPartitionDependencyManagerService)
.Tests failing with errors:
testOnSLADurationMetEvent(org.apache.oozie.jms.TestJMSSLAEventListener)
testOnSLAStartMetEvent(org.apache.oozie.jms.TestJMSSLAEventListener)
testSLAJobSelectorsNegative(org.apache.oozie.jms.TestJMSSLAEventListener)
testOnSLAEndMetEvent(org.apache.oozie.jms.TestJMSSLAEventListener)
testOnSLAStartMissEvent(org.apache.oozie.jms.TestJMSSLAEventListener)
testSLAJobSelectors(org.apache.oozie.jms.TestJMSSLAEventListener)
testOnSLAEndMissEvent(org.apache.oozie.jms.TestJMSSLAEventListener)
testOnSLADurationMissEvent(org.apache.oozie.jms.TestJMSSLAEventListener)
testDropEventTypeMessage(org.apache.oozie.jms.TestHCatMessageHandler)
testCacheUpdateByMessage(org.apache.oozie.jms.TestHCatMessageHandler)
testThreadLocalSession(org.apache.oozie.jms.TestDefaultConnectio
[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[ https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16399407#comment-16399407 ] Hadoop QA commented on OOZIE-3189: -- PreCommit-OOZIE-Build started > Update the release script and wiki page to use sha512 instead of md5 > > > Key: OOZIE-3189 > URL: https://issues.apache.org/jira/browse/OOZIE-3189 > Project: Oozie > Issue Type: Improvement > Components: scripts >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Blocker > Fix For: 5.0.0 > > Attachments: OOZIE-3189.001.patch, OOZIE-3189.002.patch > > > Apache has updated it's policy on the release signatures, as per it's website > [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a > recent email. Basically, all future releases should be providing a sha512 > checksum instead of an md5 one. > There are two tasks: > # Update the release script to use sha512 instead of md5 > [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71] > [https://www.apache.org/dev/release-signing#sha-checksum] > # Update the wiki (requires committer/pmc permissions?) > [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release] > While we're updating the wiki, we should add details on: > # Making sure the gpg key used for signing releases is 4096 bit RSA > # Publishing your gpg public key to a key server > ([https://www.apache.org/dev/release-signing#keyserver]) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[
https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16399404#comment-16399404
]
Robert Kanter commented on OOZIE-3189:
--
The 002 patch replaces the {{releaseVersion}} resolution with:
{noformat}
xmllint --xpath "//*[local-name()='project']/*[local-name()='version']/text()"
pom.xml
{noformat}
This is much faster as it doesn't have to run {{mvn}}, nor download any
dependencies if you don't have them (e.g. a clean local maven repo). It simply
parses the XML.
AFAIK, {{xmllint}} should normally be installed. If we don't want to replace
this with a non-maven command, we could instead use:
{noformat}
mvn -q -Dexec.executable="echo" -Dexec.args='${project.version}'
--non-recursive exec:exec
{noformat}
This avoids having to grep out any of the other stuff.
Both of these came from
https://stackoverflow.com/questions/3545292/how-to-get-maven-project-version-to-the-bash-command-line
> Update the release script and wiki page to use sha512 instead of md5
>
>
> Key: OOZIE-3189
> URL: https://issues.apache.org/jira/browse/OOZIE-3189
> Project: Oozie
> Issue Type: Improvement
> Components: scripts
>Reporter: Robert Kanter
>Assignee: Robert Kanter
>Priority: Blocker
> Fix For: 5.0.0
>
> Attachments: OOZIE-3189.001.patch, OOZIE-3189.002.patch
>
>
> Apache has updated it's policy on the release signatures, as per it's website
> [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a
> recent email. Basically, all future releases should be providing a sha512
> checksum instead of an md5 one.
> There are two tasks:
> # Update the release script to use sha512 instead of md5
> [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71]
> [https://www.apache.org/dev/release-signing#sha-checksum]
> # Update the wiki (requires committer/pmc permissions?)
> [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release]
> While we're updating the wiki, we should add details on:
> # Making sure the gpg key used for signing releases is 4096 bit RSA
> # Publishing your gpg public key to a key server
> ([https://www.apache.org/dev/release-signing#keyserver])
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[
https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395184#comment-16395184
]
Peter Cseh commented on OOZIE-3189:
---
Thanks for the patch!
./bin/create-release-artifact failder for the first time though.
The problem is that if mvn downloads something then the line
{{releaseVersion=$(mvn help:evaluate -Dexpression=project.version | grep -v
INFO | grep -v WARNING)}} returns "Downloaded from centra: https://..";
instead of the oozie version.
Can you change that line to {{mvn help:evaluate -Dexpression=project.version |
grep -v INFO | grep -v WARNING | grep -v Downloading |grep -v Downloaded}} ? It
seems to fix the issue for now.
> Update the release script and wiki page to use sha512 instead of md5
>
>
> Key: OOZIE-3189
> URL: https://issues.apache.org/jira/browse/OOZIE-3189
> Project: Oozie
> Issue Type: Improvement
> Components: scripts
>Reporter: Robert Kanter
>Assignee: Robert Kanter
>Priority: Blocker
> Fix For: 5.0.0
>
> Attachments: OOZIE-3189.001.patch
>
>
> Apache has updated it's policy on the release signatures, as per it's website
> [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a
> recent email. Basically, all future releases should be providing a sha512
> checksum instead of an md5 one.
> There are two tasks:
> # Update the release script to use sha512 instead of md5
> [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71]
> [https://www.apache.org/dev/release-signing#sha-checksum]
> # Update the wiki (requires committer/pmc permissions?)
> [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release]
> While we're updating the wiki, we should add details on:
> # Making sure the gpg key used for signing releases is 4096 bit RSA
> # Publishing your gpg public key to a key server
> ([https://www.apache.org/dev/release-signing#keyserver])
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[ https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16390491#comment-16390491 ] Robert Kanter commented on OOZIE-3189: -- Test failures unrelated (no code changes). > Update the release script and wiki page to use sha512 instead of md5 > > > Key: OOZIE-3189 > URL: https://issues.apache.org/jira/browse/OOZIE-3189 > Project: Oozie > Issue Type: Improvement > Components: scripts >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Major > Fix For: 5.0.0 > > Attachments: OOZIE-3189.001.patch > > > Apache has updated it's policy on the release signatures, as per it's website > [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a > recent email. Basically, all future releases should be providing a sha512 > checksum instead of an md5 one. > There are two tasks: > # Update the release script to use sha512 instead of md5 > [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71] > [https://www.apache.org/dev/release-signing#sha-checksum] > # Update the wiki (requires committer/pmc permissions?) > [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release] > While we're updating the wiki, we should add details on: > # Making sure the gpg key used for signing releases is 4096 bit RSA > # Publishing your gpg public key to a key server > ([https://www.apache.org/dev/release-signing#keyserver]) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[
https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16390479#comment-16390479
]
Hadoop QA commented on OOZIE-3189:
--
Testing JIRA OOZIE-3189
Cleaning local git workspace
{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:red}-1 RAW_PATCH_ANALYSIS{color}
.{color:green}+1{color} the patch does not introduce any @author tags
.{color:green}+1{color} the patch does not introduce any tabs
.{color:green}+1{color} the patch does not introduce any trailing spaces
.{color:green}+1{color} the patch does not introduce any line longer than
132
.{color:red}-1{color} the patch does not add/modify any testcase
{color:green}+1 RAT{color}
.{color:green}+1{color} the patch does not seem to introduce new RAT
warnings
{color:green}+1 JAVADOC{color}
.{color:green}+1{color} the patch does not seem to introduce new Javadoc
warnings
.{color:red}WARNING{color}: the current HEAD has 100 Javadoc warning(s)
{color:green}+1 COMPILE{color}
.{color:green}+1{color} HEAD compiles
.{color:green}+1{color} patch compiles
.{color:green}+1{color} the patch does not seem to introduce new javac
warnings
{color:green}+1{color} There are no new bugs found in total.
. {color:green}+1{color} There are no new bugs found in [docs].
. {color:green}+1{color} There are no new bugs found in [sharelib/pig].
. {color:green}+1{color} There are no new bugs found in [sharelib/oozie].
. {color:green}+1{color} There are no new bugs found in [sharelib/hcatalog].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive2].
. {color:green}+1{color} There are no new bugs found in [sharelib/distcp].
. {color:green}+1{color} There are no new bugs found in [sharelib/hive].
. {color:green}+1{color} There are no new bugs found in [sharelib/spark].
. {color:green}+1{color} There are no new bugs found in [sharelib/streaming].
. {color:green}+1{color} There are no new bugs found in [sharelib/sqoop].
. {color:green}+1{color} There are no new bugs found in [webapp].
. {color:green}+1{color} There are no new bugs found in [examples].
. {color:green}+1{color} There are no new bugs found in [client].
. {color:green}+1{color} There are no new bugs found in [tools].
. {color:green}+1{color} There are no new bugs found in [server].
. {color:green}+1{color} There are no new bugs found in [core].
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
.{color:green}+1{color} the patch does not change any JPA
Entity/Colum/Basic/Lob/Transient annotations
.{color:green}+1{color} the patch does not modify JPA files
{color:green}+1 TESTS{color}
.Tests run: 2092
.{color:orange}Tests failed at first run:{color}
TestJavaActionExecutor#testCredentialsSkip
TestHiveActionExecutor#testHiveAction
.For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
{color:green}+1 DISTRO{color}
.{color:green}+1{color} distro tarball builds with the patch
{color:red}*-1 Overall result, please check the reported -1(s)*{color}
{color:red}. There is at least one warning, please check{color}
The full output of the test-patch run is available at
. https://builds.apache.org/job/PreCommit-OOZIE-Build/417/
> Update the release script and wiki page to use sha512 instead of md5
>
>
> Key: OOZIE-3189
> URL: https://issues.apache.org/jira/browse/OOZIE-3189
> Project: Oozie
> Issue Type: Improvement
> Components: scripts
>Reporter: Robert Kanter
>Assignee: Robert Kanter
>Priority: Major
> Fix For: 5.0.0
>
> Attachments: OOZIE-3189.001.patch
>
>
> Apache has updated it's policy on the release signatures, as per it's website
> [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a
> recent email. Basically, all future releases should be providing a sha512
> checksum instead of an md5 one.
> There are two tasks:
> # Update the release script to use sha512 instead of md5
> [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71]
> [https://www.apache.org/dev/release-signing#sha-checksum]
> # Update the wiki (requires committer/pmc permissions?)
> [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release]
> While we're updating the wiki, we should add details on:
> # Making sure the gpg key used for signing releases is 4096 bit RSA
> # Publishing your gpg public key to a key server
> ([https://www.apache.org/dev/release-signing#keyserver])
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[ https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16390341#comment-16390341 ] Hadoop QA commented on OOZIE-3189: -- PreCommit-OOZIE-Build started > Update the release script and wiki page to use sha512 instead of md5 > > > Key: OOZIE-3189 > URL: https://issues.apache.org/jira/browse/OOZIE-3189 > Project: Oozie > Issue Type: Improvement > Components: scripts >Reporter: Robert Kanter >Assignee: Robert Kanter >Priority: Major > Fix For: 5.0.0 > > Attachments: OOZIE-3189.001.patch > > > Apache has updated it's policy on the release signatures, as per it's website > [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a > recent email. Basically, all future releases should be providing a sha512 > checksum instead of an md5 one. > There are two tasks: > # Update the release script to use sha512 instead of md5 > [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71] > [https://www.apache.org/dev/release-signing#sha-checksum] > # Update the wiki (requires committer/pmc permissions?) > [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release] > While we're updating the wiki, we should add details on: > # Making sure the gpg key used for signing releases is 4096 bit RSA > # Publishing your gpg public key to a key server > ([https://www.apache.org/dev/release-signing#keyserver]) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OOZIE-3189) Update the release script and wiki page to use sha512 instead of md5
[
https://issues.apache.org/jira/browse/OOZIE-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16390339#comment-16390339
]
Robert Kanter commented on OOZIE-3189:
--
The patch replaces the code generating the md5 with code generating the sha512
as prescribed by the ASF. I also ran ShellCheck and fixed a bunch of minor
things it was complaining about. I did run into a complication because the
command to generate the sha512 has to use a {{>}} to redirect stdout, and that
doesn't work so great with our {{run}} function. I worked around it by
duplicating a few things, but if there's a cleaner way, let me know.
I'll update the wiki shortly.
> Update the release script and wiki page to use sha512 instead of md5
>
>
> Key: OOZIE-3189
> URL: https://issues.apache.org/jira/browse/OOZIE-3189
> Project: Oozie
> Issue Type: Improvement
> Components: scripts
>Reporter: Robert Kanter
>Assignee: Robert Kanter
>Priority: Major
> Fix For: 5.0.0
>
> Attachments: OOZIE-3189.001.patch
>
>
> Apache has updated it's policy on the release signatures, as per it's website
> [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a
> recent email. Basically, all future releases should be providing a sha512
> checksum instead of an md5 one.
> There are two tasks:
> # Update the release script to use sha512 instead of md5
> [https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71]
> [https://www.apache.org/dev/release-signing#sha-checksum]
> # Update the wiki (requires committer/pmc permissions?)
> [https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release]
> While we're updating the wiki, we should add details on:
> # Making sure the gpg key used for signing releases is 4096 bit RSA
> # Publishing your gpg public key to a key server
> ([https://www.apache.org/dev/release-signing#keyserver])
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
