Re: [Urgent] Question about Nexus repo and Hadoop release

2019-01-22 Thread Brian Demers 
nt/0x255ADF56C36C5F0F
>>> >
>>> >> sig  sig   F9CBBD4C <
>>> http://pool.sks-keyservers.net:11371/key/0x29ED86E6F9CBBD4C> 2018-11-08
>>> __ __ shikong  <
>>> http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x29ED86E6F9CBBD4C
>>> >
>>> >>
>>> >> sub  4096R/D0C16F12 2018-03-20
>>> >> sig sbind  57300D45 <
>>> http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20
>>> __ __ [] <
>>> http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45
>>> >
>>> >> And gpg --edit-key also shows:
>>> >>
>>> >> gpg --edit-key 4C899853CDDA4E40C60212B5B3FA653D57300D45
>>> >> gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc.
>>> >> This is free software: you are free to change and redistribute it.
>>> >> There is NO WARRANTY, to the extent permitted by law.
>>> >>
>>> >> Secret key is available.
>>> >>
>>> >> sec  rsa4096/B3FA653D57300D45
>>> >>  created: 2018-03-20  expires: never   usage: SC
>>> >>  trust: unknown   validity: unknown
>>> >> ssb  rsa4096/79CD893FD0C16F12
>>> >>  created: 2018-03-20  expires: never   usage: E
>>> >> [ unknown] (1). Wangda tan >> wan...@apache.org>>
>>> >>
>>> >> Thanks,
>>> >> Wangda
>>> >>
>>> >> On Mon, Jan 21, 2019 at 9:08 AM David Nalley >> da...@gnsa.us>> wrote:
>>> >> I wonder if it's because there are no signatures on your key.
>>> >>
>>> >> --David
>>> >>
>>> >> On Mon, Jan 21, 2019 at 11:57 AM Wangda Tan >> <mailto:wheele...@gmail.com>> wrote:
>>> >> >
>>> >> > Hi Brian,
>>> >> >
>>> >> > Here're links to my key:
>>> >> >
>>> >> > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45 <
>>> http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45>
>>> >> >
>>> >> > http://pgp.mit.edu/pks/lookup?op=get=0xB3FA653D57300D45 <
>>> http://pgp.mit.edu/pks/lookup?op=get=0xB3FA653D57300D45>
>>> >> >
>>> >> > On Apache SVN:
>>> https://dist.apache.org/repos/dist/release/hadoop/common/KEYS <
>>> https://dist.apache.org/repos/dist/release/hadoop/common/KEYS>
>>> >> >
>>> >> > Thanks,
>>> >> > Wangda
>>> >> >
>>> >> > On Mon, Jan 21, 2019 at 6:51 AM Brian Demers <
>>> brian.dem...@gmail.com <mailto:brian.dem...@gmail.com>> wrote:
>>> >> >>
>>> >> >> Can you share the link to your key?
>>> >> >>
>>> >> >> -Brian
>>> >> >>
>>> >> >> On Jan 20, 2019, at 11:21 PM, Wangda Tan >> <mailto:wheele...@gmail.com>> wrote:
>>> >> >>
>>> >> >> Still couldn't figure out without locating the log on the Nexus
>>> machine. With help from several committers and PMCs, we didn't see anything
>>> wrong with my signing key.
>>> >> >>
>>> >> >> I don't want to delay 3.1.2 more because of this. Is it allowed
>>> for me to publish artifacts (like tarball, source package, etc.) only and
>>> somebody else to push Maven bits to Nexus. I believe Apache bylaw should
>>> allow that because there're several releases have more than one release
>>> managers. If it is not allowed, please take over the RM role if you have
>>> the bandwidth, I think most works have been done except close the Nexus
>>> repo.
>>> >> >>
>>> >> >> Thanks,
>>> >> >> Wangda
>>> >> >>
>>> >> >> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan >> <mailto:wheele...@gmail.com>> wrote:
>>> >> >>>
>>> >> >>> Spent several more hours trying to figure out the issue, still no
>>> luck.
>>> >> >>>
>>> >> >>> I just filed https://issues.sonatype.org/browse/OSSRH-45646 <
>>> https://issues.sonatype.org/browse/OSSRH-45646>, really appreciate if
>>> anybody could add some suggestions.
>>

Re: [Urgent] Question about Nexus repo and Hadoop release

2019-01-21 Thread Brian Demers 
Can you share the link to your key?

-Brian

> On Jan 20, 2019, at 11:21 PM, Wangda Tan  wrote:
> 
> Still couldn't figure out without locating the log on the Nexus machine. With 
> help from several committers and PMCs, we didn't see anything wrong with my 
> signing key.
> 
> I don't want to delay 3.1.2 more because of this. Is it allowed for me to 
> publish artifacts (like tarball, source package, etc.) only and somebody else 
> to push Maven bits to Nexus. I believe Apache bylaw should allow that because 
> there're several releases have more than one release managers. If it is not 
> allowed, please take over the RM role if you have the bandwidth, I think most 
> works have been done except close the Nexus repo.
> 
> Thanks,
> Wangda
> 
>> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan  wrote:
>> Spent several more hours trying to figure out the issue, still no luck. 
>> 
>> I just filed https://issues.sonatype.org/browse/OSSRH-45646, really 
>> appreciate if anybody could add some suggestions.
>> 
>> Thanks,
>> Wangda
>> 
>>> On Tue, Jan 15, 2019 at 9:48 AM Wangda Tan  wrote:
>>> It seems the problem still exists for me: 
>>> 
>>> Now the error message only contains:
>>> 
>>> failureMessage  Failed to validate the pgp signature of 
>>> '/org/apache/hadoop/hadoop-client-check-invariants/3.1.2/hadoop-client-check-invariants-3.1.2.pom',
>>>  check the logs.
>>> failureMessage  Failed to validate the pgp signature of 
>>> '/org/apache/hadoop/hadoop-resourceestimator/3.1.2/hadoop-resourceestimator-3.1.2-javadoc.jar',
>>>  check the logs.
>>> 
>>> If anybody has access the Nexus node, could you please help to check what 
>>> is the failure message?  
>>> 
>>> Thanks,
>>> Wangda
>>> 
>>> 
 On Tue, Jan 15, 2019 at 9:56 AM Brian Fox  wrote:
 Good to know. The pool has occasionally had sync issues, but we're talking 
 3 times in the last 8-9 years.
 
> On Tue, Jan 15, 2019 at 10:39 AM Elek, Marton  wrote:
> My key was pushed to the server with pgp about 1 year ago, and it worked
> well with the last Ratis release. So it should be synced between the key
> servers.
> 
> But it seems that the INFRA solved the problem with shuffling the key
> server order (or it was an intermittent issue): see INFRA-17649
> 
> Seems to be working now...
> 
> Marton
> 
> 
> On 1/15/19 5:19 AM, Wangda Tan wrote:
> > HI Brain,
> > Thanks for responding, could u share how to push to keys to Apache pgp 
> > pool?
> > 
> > Best,
> > Wangda
> > 
> > On Mon, Jan 14, 2019 at 10:44 AM Brian Fox  wrote:
> > 
> >> Did you push your key up to the pgp pool? That's what Nexus is 
> >> validating
> >> against. It might take time to propagate if you just pushed it.
> >>
> >> On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton  wrote:
> >>
> >>> Seems to be an INFRA issue for me:
> >>>
> >>> 1. I downloaded a sample jar file [1] + the signature from the
> >>> repository and it was ok, locally I verified it.
> >>>
> >>> 2. I tested it with an other Apache project (Ratis) and my key. I got
> >>> the same problem even if it worked at last year during the 0.3.0
> >>> release. (I used exactly the same command)
> >>>
> >>> I opened an infra ticket to check the logs of the Nexus as it was
> >>> suggested in the error message:
> >>>
> >>> https://issues.apache.org/jira/browse/INFRA-17649
> >>>
> >>> Marton
> >>>
> >>>
> >>> [1]:
> >>>
> >>> https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar
> >>>
> >>>
> >>> On 1/13/19 6:27 AM, Wangda Tan wrote:
>  Uploaded sample file and signature.
> 
> 
> 
>  On Sat, Jan 12, 2019 at 9:18 PM Wangda Tan   > wrote:
> 
>  Actually, among the hundreds of failed messages, the "No public 
>  key"
>  issues still occurred several times:
> 
>  failureMessage  No public key: Key with id: 
>  (b3fa653d57300d45)
>  was not able to be located on http://gpg-keyserver.de/. 
>  Upload
>  your public key and try the operation again.
>  failureMessage  No public key: Key with id: 
>  (b3fa653d57300d45)
>  was not able to be located on
>  http://pool.sks-keyservers.net:11371. Upload your public key
> >>> and
>  try the operation again.
>  failureMessage  No public key: Key with id: 
>  (b3fa653d57300d45)
>  was not able to be located on http://pgp.mit.edu:11371. 
>  Upload
>  your public key and try the operation again.
> 
>  Once the close