Thanks Mukund. I am able to verify the signature now, +1 (non-binding)
* Verified sha512 checksum was correct for source tarball * Verified signature was correct for source tarball (not verified trust) * Built source code on Amazon-Linux 2023 and OpenJDK 8 in Amazon EC2 with ARM64 machine) * Verified S3A (hadoop-tools/hadoop-aws) unit tests passing with ARM64 machine * Verified S3A (hadoop-tools/hadoop-aws) integ tests with scale profile passing against Amazon S3 in us-east-1 with ARM64 machine Regards Syed Shameerur Rahman On Tue, Oct 15, 2024 at 7:17 PM Mukund Madhav Thakur <mtha...@cloudera.com> wrote: > I have updated the key in the KEYS file today morning so it should > work now. > > On Mon, Oct 14, 2024 at 5:59 PM Mukund Madhav Thakur <mtha...@cloudera.com> > wrote: > >> Thanks for checking. >> Yes I have used a new key as it is my new laptop. I will update the key. >> >> *➜ **Downloads* gpg --verify hadoop-3.4.1.tar.gz.asc hadoop-3.4.1.tar.gz >> >> >> gpg: Signature made Wed Oct 9 22:40:30 2024 IST >> >> gpg: using RSA key >> 53931DAA708291409958BD474D22BB7D32882201 >> >> gpg: Good signature from "Mukund Thakur <mtha...@apache.org>" [ultimate] >> >> *➜ **Downloads* >> >> >> >> On Mon, Oct 14, 2024 at 4:00 PM Syed Shameerur Rahman < >> syedthame...@gmail.com> wrote: >> >>> >>> I tested S3A unit test and integration with ARM64 machines. The tests >>> are passing but have concerns with signature >>> >>> >>> * Unable to verify signature >>> gpg --verify hadoop-3.4.1.tar.gz.asc hadoop-3.4.1.tar.gz gpg: Signature >>> made Wed Oct 9 17:10:24 2024 UTC gpg: using RSA key >>> 53931DAA708291409958BD474D22BB7D32882201 gpg: Can't check signature: No >>> public key >>> >>> * Built source code on Amazon-Linux 2023 and OpenJDK 8 in Amazon EC2 >>> with ARM64 machine) >>> * Verified S3A (hadoop-tools/hadoop-aws) unit tests passing with ARM64 >>> machine >>> * Verified S3A (hadoop-tools/hadoop-aws) integ tests with scale profile >>> passing against Amazon S3 in us-east-1 with ARM64 machine >>> >>> Thanks >>> Syed Shameerur Rahman >>> >>> On Mon, Oct 14, 2024 at 2:57 PM Xiaoqiao He <hexiaoq...@apache.org> >>> wrote: >>> >>>> Thanks Mukund and Steve for driving this release. >>>> >>>> +0. Will +1 when signature check passed. >>>> >>>> [Y] LICENSE files exist and NOTICE is included. >>>> [Y] Rat check is ok. mvn clean apache-rat:check >>>> [Y] Build the source code on Ubuntu and OpenJDK 11 by `mvn clean package >>>> -DskipTests -Pnative -Pdist -Dtar`. >>>> [Y] Setup pseudo cluster with HDFS and YARN. >>>> [Y] Run simple FsShell - mkdir/put/get/mv/rm and check the result. >>>> [Y] Run example mr jobs and check the result - Pi & wordcount. >>>> [Y] Spot-check and run some unit tests. >>>> [Y] Skimmed the Web UI of NameNode/DataNode/Resourcemanager/NodeManager >>>> etc. >>>> [Y] Skimmed over the contents of site documentation. >>>> [Y] Skimmed over the contents of maven repo. >>>> [N] Verified checksum passed but signature didn't pass. Did you use >>>> another >>>> key to sign? >>>> >>>> > hexiaoqiao@hexiaoqiao-ubuntu:~/Public/hadoop-3.4.1$ gpg --list-key | >>>> grep >>>> > -B2 -A1 "Mukund" >>>> > pub rsa4096 2023-09-28 [SC] [expires: 2027-09-28] >>>> > 41C7034C031FB3AF4BBFB5B89F070EBA4202CEC1 >>>> > uid [ unknown] Mukund Thakur <mtha...@apache.org> >>>> > sub rsa4096 2023-09-28 [E] [expires: 2027-09-28] >>>> > hexiaoqiao@hexiaoqiao-ubuntu:~/Public/hadoop-3.4.1$ gpg --verify >>>> > hadoop-3.4.1.tar.gz.asc hadoop-3.4.1.tar.gz >>>> > gpg: Signature made 2024年10月10日 星期四 01时10分30秒 CST >>>> > gpg: using RSA key >>>> 53931DAA708291409958BD474D22BB7D32882201 >>>> > gpg: Can't check signature: No public key >>>> >>>> >>>> Best Regards, >>>> - He Xiaoqiao >>>> >>>> On Fri, Oct 11, 2024 at 1:31 AM Steve Loughran >>>> <ste...@cloudera.com.invalid> >>>> wrote: >>>> >>>> > Hney, you did the -lean one too! nice >>>> > >>>> > Anyway, yes I'll test. I will try not to find new problems >>>> > >>>> > >>>> > On Thu, 10 Oct 2024 at 12:18, Mukund Madhav Thakur >>>> > <mtha...@cloudera.com.invalid> wrote: >>>> > >>>> > > Apache Hadoop 3.4.1 >>>> > > >>>> > > >>>> > > With help of Steve, I have put together a release candidate (RC3) >>>> for >>>> > > Hadoop 3.4.1. >>>> > > >>>> > > >>>> > > What we would like is for anyone who can to verify the tarballs, >>>> > especially >>>> > > >>>> > > anyone who can try the arm64 binaries as we want to include them >>>> too. >>>> > > >>>> > > >>>> > > The RC is available at: >>>> > > >>>> > > https://dist.apache.org/repos/dist/dev/hadoop/hadoop-3.4.1-RC3/ >>>> > > >>>> > > >>>> > > The git tag is release-3.4.1-RC3, commit >>>> > > 4d7825309348956336b8f06a08322b78422849b1 >>>> > > >>>> > > >>>> > > The maven artifacts are staged at >>>> > > >>>> > > >>>> https://repository.apache.org/content/repositories/orgapachehadoop-1430 >>>> > > >>>> > > >>>> > > You can find my public key at: >>>> > > >>>> > > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS >>>> > > >>>> > > >>>> > > Change log >>>> > > >>>> > > >>>> > >>>> https://dist.apache.org/repos/dist/dev/hadoop/hadoop-3.4.1-RC3/CHANGELOG.md >>>> > > >>>> > > >>>> > > Release notes >>>> > > >>>> > > >>>> > > >>>> > >>>> https://dist.apache.org/repos/dist/dev/hadoop/hadoop-3.4.1-RC3/RELEASENOTES.md >>>> > > >>>> > > >>>> > > This is off branch-3.4.1 >>>> > > >>>> > > >>>> > > Key changes include >>>> > > >>>> > > >>>> > > * Bulk Delete API. >>>> https://issues.apache.org/jira/browse/HADOOP-18679 >>>> > > >>>> > > * Fixes and enhancements in Vectored IO API. >>>> > > >>>> > > * Improvements in Hadoop Azure connector. >>>> > > >>>> > > * Fixes and improvements post upgrade to AWS V2 SDK in S3AConnector. >>>> > > >>>> > > * This release includes Arm64 binaries. Please can anyone with >>>> > > >>>> > > compatible systems validate these. >>>> > > >>>> > > >>>> > > Note, because the arm64 binaries are built separately on a different >>>> > > >>>> > > platform and JVM, their jar files may not match those of the x86 >>>> > > >>>> > > release -and therefore the maven artifacts. I don't think this is >>>> > > >>>> > > an issue (the ASF actually releases source tarballs, the binaries >>>> are >>>> > > >>>> > > there for help only, though with the maven repo that's a bit >>>> blurred). >>>> > > >>>> > > >>>> > > The only way to be consistent would actually untar the x86.tar.gz, >>>> > > >>>> > > overwrite its binaries with the arm stuff, retar, sign and push out >>>> > > >>>> > > for the vote. Even automating that would be risky. >>>> > > >>>> > > >>>> > > Please try the release and vote. The vote will run for 5 days. >>>> > > >>>> > >>>> >>>
