Re: [Urgent] Question about Nexus repo and Hadoop release

2019-01-21 Thread Brian Fox 
They keys file is irrelevant to Nexus. The only thing that matters is it’s in 
the mit pgp key ring.

--Brian (mobile)


> On Jan 21, 2019, at 3:34 PM, Wangda Tan  wrote:
> 
> I just checked on KEYS file, it doesn't show sig part. I updated KEYS file on 
> Apache https://dist.apache.org/repos/dist/release/hadoop/common/KEYS and made 
> it be ultimately trusted. 
> 
> pub   rsa4096 2018-03-20 [SC]
>   4C899853CDDA4E40C60212B5B3FA653D57300D45
> uid   [ultimate] Wangda tan 
> sig 3B3FA653D57300D45 2018-03-20  Wangda tan 
> sub   rsa4096 2018-03-20 [E]
> sig  B3FA653D57300D45 2018-03-20  Wangda tan 
> But the error still remains same while closing repo, not sure how to get it 
> resolved ..
> 
> 
>> On Mon, Jan 21, 2019 at 9:14 AM Wangda Tan  wrote:
>> Hi David,
>> 
>> Thanks for helping check this, 
>> 
>> I can see signatures on my key: 
>> 
>> pub  4096R/57300D45 2018-03-20
>>   Fingerprint=4C89 9853 CDDA 4E40 C602  12B5 B3FA 653D 5730 0D45 
>> 
>> uid Wangda tan 
>> sig  sig3  57300D45 2018-03-20 __ __ [selfsig]
>> sig  sig   C36C5F0F 2018-04-05 __ __ Vinod Kumar Vavilapalli 
>> (I am also known as @tshooter.) 
>> sig  sig   F9CBBD4C 2018-11-08 __ __ shikong 
>> 
>> 
>> sub  4096R/D0C16F12 2018-03-20
>> sig sbind  57300D45 2018-03-20 __ __ []
>> And gpg --edit-key also shows: 
>> 
>> gpg --edit-key 4C899853CDDA4E40C60212B5B3FA653D57300D45
>> gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc.
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.
>> 
>> Secret key is available.
>> 
>> sec  rsa4096/B3FA653D57300D45
>>  created: 2018-03-20  expires: never   usage: SC
>>  trust: unknown   validity: unknown
>> ssb  rsa4096/79CD893FD0C16F12
>>  created: 2018-03-20  expires: never   usage: E
>> [ unknown] (1). Wangda tan 
>> 
>> Thanks,
>> Wangda
>> 
>>> On Mon, Jan 21, 2019 at 9:08 AM David Nalley  wrote:
>>> I wonder if it's because there are no signatures on your key.
>>> 
>>> --David
>>> 
>>> On Mon, Jan 21, 2019 at 11:57 AM Wangda Tan  wrote:
>>> >
>>> > Hi Brian,
>>> >
>>> > Here're links to my key:
>>> >
>>> > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45
>>> >
>>> > http://pgp.mit.edu/pks/lookup?op=get=0xB3FA653D57300D45
>>> >
>>> > On Apache SVN: 
>>> > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS
>>> >
>>> > Thanks,
>>> > Wangda
>>> >
>>> > On Mon, Jan 21, 2019 at 6:51 AM Brian Demers  
>>> > wrote:
>>> >>
>>> >> Can you share the link to your key?
>>> >>
>>> >> -Brian
>>> >>
>>> >> On Jan 20, 2019, at 11:21 PM, Wangda Tan  wrote:
>>> >>
>>> >> Still couldn't figure out without locating the log on the Nexus machine. 
>>> >> With help from several committers and PMCs, we didn't see anything wrong 
>>> >> with my signing key.
>>> >>
>>> >> I don't want to delay 3.1.2 more because of this. Is it allowed for me 
>>> >> to publish artifacts (like tarball, source package, etc.) only and 
>>> >> somebody else to push Maven bits to Nexus. I believe Apache bylaw should 
>>> >> allow that because there're several releases have more than one release 
>>> >> managers. If it is not allowed, please take over the RM role if you have 
>>> >> the bandwidth, I think most works have been done except close the Nexus 
>>> >> repo.
>>> >>
>>> >> Thanks,
>>> >> Wangda
>>> >>
>>> >> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan  wrote:
>>> >>>
>>> >>> Spent several more hours trying to figure out the issue, still no luck.
>>> >>>
>>> >>> I just filed https://issues.sonatype.org/browse/OSSRH-45646, really 
>>> >>> appreciate if anybody could add some suggestions.
>>> >>>
>>> >>> Thanks,
>>> >>> Wangda
>>> >>>
>>> >>> On Tue, Jan 15, 2019 at 9:48 AM Wangda Tan  wrote:
>>> >>>>
>>> >>>> I

Re: [Urgent] Question about Nexus repo and Hadoop release

2019-01-15 Thread Brian Fox 
Good to know. The pool has occasionally had sync issues, but we're talking
3 times in the last 8-9 years.

On Tue, Jan 15, 2019 at 10:39 AM Elek, Marton  wrote:

> My key was pushed to the server with pgp about 1 year ago, and it worked
> well with the last Ratis release. So it should be synced between the key
> servers.
>
> But it seems that the INFRA solved the problem with shuffling the key
> server order (or it was an intermittent issue): see INFRA-17649
>
> Seems to be working now...
>
> Marton
>
>
> On 1/15/19 5:19 AM, Wangda Tan wrote:
> > HI Brain,
> > Thanks for responding, could u share how to push to keys to Apache pgp
> pool?
> >
> > Best,
> > Wangda
> >
> > On Mon, Jan 14, 2019 at 10:44 AM Brian Fox  wrote:
> >
> >> Did you push your key up to the pgp pool? That's what Nexus is
> validating
> >> against. It might take time to propagate if you just pushed it.
> >>
> >> On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton  wrote:
> >>
> >>> Seems to be an INFRA issue for me:
> >>>
> >>> 1. I downloaded a sample jar file [1] + the signature from the
> >>> repository and it was ok, locally I verified it.
> >>>
> >>> 2. I tested it with an other Apache project (Ratis) and my key. I got
> >>> the same problem even if it worked at last year during the 0.3.0
> >>> release. (I used exactly the same command)
> >>>
> >>> I opened an infra ticket to check the logs of the Nexus as it was
> >>> suggested in the error message:
> >>>
> >>> https://issues.apache.org/jira/browse/INFRA-17649
> >>>
> >>> Marton
> >>>
> >>>
> >>> [1]:
> >>>
> >>>
> https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar
> >>>
> >>>
> >>> On 1/13/19 6:27 AM, Wangda Tan wrote:
> >>>> Uploaded sample file and signature.
> >>>>
> >>>>
> >>>>
> >>>> On Sat, Jan 12, 2019 at 9:18 PM Wangda Tan  >>>> <mailto:wheele...@gmail.com>> wrote:
> >>>>
> >>>> Actually, among the hundreds of failed messages, the "No public
> key"
> >>>> issues still occurred several times:
> >>>>
> >>>> failureMessage  No public key: Key with id: (b3fa653d57300d45)
> >>>> was not able to be located on http://gpg-keyserver.de/.
> Upload
> >>>> your public key and try the operation again.
> >>>> failureMessage  No public key: Key with id: (b3fa653d57300d45)
> >>>> was not able to be located on
> >>>> http://pool.sks-keyservers.net:11371. Upload your public key
> >>> and
> >>>> try the operation again.
> >>>> failureMessage  No public key: Key with id: (b3fa653d57300d45)
> >>>> was not able to be located on http://pgp.mit.edu:11371.
> Upload
> >>>> your public key and try the operation again.
> >>>>
> >>>> Once the close operation returned, I will upload sample files
> which
> >>>> may help troubleshoot the issue.
> >>>>
> >>>> Thanks,
> >>>>
> >>>> On Sat, Jan 12, 2019 at 9:04 PM Wangda Tan  >>>> <mailto:wheele...@gmail.com>> wrote:
> >>>>
> >>>> Thanks David for the quick response!
> >>>>
> >>>> I just retried, now the "No public key" issue is gone.
> However,
> >>>> the issue:
> >>>>
> >>>> failureMessage  Failed to validate the pgp signature of
> >>>>
> >>>
> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-tests.jar',
> >>>> check the logs.
> >>>> failureMessage  Failed to validate the pgp signature of
> >>>>
> >>>
> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-test-sources.jar',
> >>>> check the logs.
> >>>> failureMessage  Failed to validate the pgp signature of
> >>>>
> >>>
> '/org/apache/hado

Re: [Urgent] Question about Nexus repo and Hadoop release

2019-01-14 Thread Brian Fox 
Did you push your key up to the pgp pool? That's what Nexus is validating
against. It might take time to propagate if you just pushed it.

On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton  wrote:

> Seems to be an INFRA issue for me:
>
> 1. I downloaded a sample jar file [1] + the signature from the
> repository and it was ok, locally I verified it.
>
> 2. I tested it with an other Apache project (Ratis) and my key. I got
> the same problem even if it worked at last year during the 0.3.0
> release. (I used exactly the same command)
>
> I opened an infra ticket to check the logs of the Nexus as it was
> suggested in the error message:
>
> https://issues.apache.org/jira/browse/INFRA-17649
>
> Marton
>
>
> [1]:
>
> https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar
>
>
> On 1/13/19 6:27 AM, Wangda Tan wrote:
> > Uploaded sample file and signature.
> >
> >
> >
> > On Sat, Jan 12, 2019 at 9:18 PM Wangda Tan  > > wrote:
> >
> > Actually, among the hundreds of failed messages, the "No public key"
> > issues still occurred several times:
> >
> > failureMessage  No public key: Key with id: (b3fa653d57300d45)
> > was not able to be located on http://gpg-keyserver.de/. Upload
> > your public key and try the operation again.
> > failureMessage  No public key: Key with id: (b3fa653d57300d45)
> > was not able to be located on
> > http://pool.sks-keyservers.net:11371. Upload your public key and
> > try the operation again.
> > failureMessage  No public key: Key with id: (b3fa653d57300d45)
> > was not able to be located on http://pgp.mit.edu:11371. Upload
> > your public key and try the operation again.
> >
> > Once the close operation returned, I will upload sample files which
> > may help troubleshoot the issue.
> >
> > Thanks,
> >
> > On Sat, Jan 12, 2019 at 9:04 PM Wangda Tan  > > wrote:
> >
> > Thanks David for the quick response!
> >
> > I just retried, now the "No public key" issue is gone. However,
> > the issue:
> >
> > failureMessage  Failed to validate the pgp signature of
> >
>  
> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-tests.jar',
> > check the logs.
> > failureMessage  Failed to validate the pgp signature of
> >
>  
> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-test-sources.jar',
> > check the logs.
> > failureMessage  Failed to validate the pgp signature of
> >
>  
> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2.pom',
> > check the logs.
> >
> >
> > Still exists and repeated hundreds of times. Do you know how to
> > access the logs mentioned by above log?
> >
> > Best,
> > Wangda
> >
> > On Sat, Jan 12, 2019 at 8:37 PM David Nalley  > > wrote:
> >
> > On Sat, Jan 12, 2019 at 9:09 PM Wangda Tan
> > mailto:wheele...@gmail.com>> wrote:
> > >
> > > Hi Devs,
> > >
> > > I'm currently rolling Hadoop 3.1.2 release candidate,
> > however, I saw an issue when I try to close repo in Nexus.
> > >
> > > Logs of https://repository.apache.org/#stagingRepositories
> > (orgapachehadoop-1183) shows hundreds of lines of the
> > following error:
> > >
> > > failureMessage  No public key: Key with id:
> > (b3fa653d57300d45) was not able to be located on
> > http://gpg-keyserver.de/. Upload your public key and try the
> > operation again.
> > > failureMessage  No public key: Key with id:
> > (b3fa653d57300d45) was not able to be located on
> > http://pool.sks-keyservers.net:11371. Upload your public key
> > and try the operation again.
> > > failureMessage  No public key: Key with id:
> > (b3fa653d57300d45) was not able to be located on
> > http://pgp.mit.edu:11371. Upload your public key and try the
> > operation again.
> > > ...
> > > failureMessage  Failed to validate the pgp signature of
> >
>  
> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-tests.jar',
> > check the logs.
> > > failureMessage  Failed to validate the pgp signature of
> >
>  
> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-test-sources.jar',
> > check the logs.
> > > failureMessage  Failed to validate the pgp signature