On Fri, Apr 1, 2022 at 2:22 AM Nathan Hartman <hartman.nat...@gmail.com> wrote: > > tl;dr: > (1) Attached script to generate KEYS (I'll be happy to provide the > generated KEYS by request) > (2) dsahlberg, futatuki, jun66j5, kfogel: it can't find your key > > Replies and details inline below... > > On Thu, Mar 31, 2022 at 7:48 PM Daniel Shahaf <d...@daniel.shahaf.name> wrote: > > > > Mark Phippard wrote on Wed, Mar 30, 2022 at 08:01:32 -0400: > > > I am still a little unsure what to do about the KEYS file when we > > > produce this release. > > Okay, so https://downloads.apache.org/subversion/ has the file KEYS, > which is a bit outdated (last modified 2020-07-03). > > There's also subversion-${VERSION}.KEYS as danielsh explains in [1]. > > More below... > > > > Our release.py script no longer works for whatever it used to do and > > > throws an error. I do not know if more errors will happen when I get > > > to the steps of publishing the release to /dist later on. > > > > > > I just updated my Apache LDAP with the fingerprint of my new key I > > > will use to sign the release. > > > > > > Is there anything here we can leverage? > > > > > > https://people.apache.org/keys/ > > danielsh wrote: > > > I did post just a few days ago > > (<https://mail-archives.apache.org/mod_mbox/subversion-dev/202203.mbox/%3C20220323035056.GY7687%40tarpaulin.shahaf.local2%3E>) > > a piece of code that assembles a KEYS-like file from this URL… > > So I took the above-mentioned "piece of code" and expanded it into a > script, attached as make-keys.sh.txt. Improvements welcome. > > When I ran this script (just now): > > [[[ > > svn-trunk$ ../make-keys.sh > Fetching https://people.apache.org/keys/committer/jimb.asc... MISSING > Fetching https://people.apache.org/keys/committer/sussman.asc... MISSING > Fetching https://people.apache.org/keys/committer/kfogel.asc... MISSING > Fetching https://people.apache.org/keys/committer/gstein.asc... OK > Fetching https://people.apache.org/keys/committer/brane.asc... OK > Fetching https://people.apache.org/keys/committer/jorton.asc... MISSING > Fetching https://people.apache.org/keys/committer/ghudson.asc... MISSING > Fetching https://people.apache.org/keys/committer/fitz.asc... OK > Fetching https://people.apache.org/keys/committer/daniel.asc... MISSING > Fetching https://people.apache.org/keys/committer/cmpilato.asc... OK > Fetching https://people.apache.org/keys/committer/philip.asc... OK > Fetching https://people.apache.org/keys/committer/jerenkrantz.asc... MISSING > Fetching https://people.apache.org/keys/committer/rooneg.asc... MISSING > Fetching https://people.apache.org/keys/committer/blair.asc... MISSING > Fetching https://people.apache.org/keys/committer/striker.asc... OK > Fetching https://people.apache.org/keys/committer/dlr.asc... MISSING > Fetching https://people.apache.org/keys/committer/mbk.asc... MISSING > Fetching https://people.apache.org/keys/committer/jaa.asc... MISSING > Fetching https://people.apache.org/keys/committer/julianfoad.asc... OK > Fetching https://people.apache.org/keys/committer/jszakmeister.asc... MISSING > Fetching https://people.apache.org/keys/committer/ehu.asc... MISSING > Fetching https://people.apache.org/keys/committer/breser.asc... OK > Fetching https://people.apache.org/keys/committer/maxb.asc... OK > Fetching https://people.apache.org/keys/committer/dberlin.asc... MISSING > Fetching https://people.apache.org/keys/committer/danderson.asc... MISSING > Fetching https://people.apache.org/keys/committer/djames.asc... MISSING > Fetching https://people.apache.org/keys/committer/pburba.asc... OK > Fetching https://people.apache.org/keys/committer/glasser.asc... MISSING > Fetching https://people.apache.org/keys/committer/lgo.asc... OK > Fetching https://people.apache.org/keys/committer/hwright.asc... OK > Fetching https://people.apache.org/keys/committer/vgeorgescu.asc... MISSING > Fetching https://people.apache.org/keys/committer/kameshj.asc... MISSING > Fetching https://people.apache.org/keys/committer/markphip.asc... OK > Fetching https://people.apache.org/keys/committer/arfrever.asc... MISSING > Fetching https://people.apache.org/keys/committer/stsp.asc... OK > Fetching https://people.apache.org/keys/committer/kou.asc... OK > Fetching https://people.apache.org/keys/committer/danielsh.asc... OK > Fetching https://people.apache.org/keys/committer/peters.asc... MISSING > Fetching https://people.apache.org/keys/committer/rhuijben.asc... OK > Fetching https://people.apache.org/keys/committer/stylesen.asc... OK > Fetching https://people.apache.org/keys/committer/steveking.asc... MISSING > Fetching https://people.apache.org/keys/committer/neels.asc... OK > Fetching https://people.apache.org/keys/committer/jwhitlock.asc... MISSING > Fetching https://people.apache.org/keys/committer/sbutler.asc... MISSING > Fetching https://people.apache.org/keys/committer/dannas.asc... MISSING > Fetching https://people.apache.org/keys/committer/stefan2.asc... OK > Fetching https://people.apache.org/keys/committer/jcorvel.asc... OK > Fetching https://people.apache.org/keys/committer/trent.asc... MISSING > Fetching https://people.apache.org/keys/committer/kotkov.asc... OK > Fetching https://people.apache.org/keys/committer/astieger.asc... OK > Fetching https://people.apache.org/keys/committer/jamessan.asc... OK > Fetching https://people.apache.org/keys/committer/luke1410.asc... OK > Fetching https://people.apache.org/keys/committer/troycurtisjr.asc... OK > Fetching https://people.apache.org/keys/committer/hartmannathan.asc... OK > Fetching https://people.apache.org/keys/committer/futatuki.asc... MISSING > Fetching https://people.apache.org/keys/committer/jun66j5.asc... MISSING > Fetching https://people.apache.org/keys/committer/dsahlberg.asc... MISSING > > ]]] > > As you can see, the keys are MISSING for the following committers who > are participating in this release: > > dsahlberg, futatuki, jun66j5, kfogel > > Not sure what's going on... perhaps they should check and/or update > id.apache.org? Or upload their keys to a keyserver? Or is the above > committers directory out-of-date? I'm not sure. > > Mark wrote: > > > > Maybe someone can manually generate a KEYS file and send it to me to > > > include in the release? I imagine if I drop it in the folder with the > > > tarballs after I produce them the process will think that it is the > > > one it expects to have. > > > > > > Mark > > Let me know if you'd like me to email you the KEYS file generated by > the attached script... The file is approx 1 MB in size.
I was able to run the script without problem, so I think I am all set. The release.py script will still fail when it tries to download the KEYS but I am assuming that is the last step it does in that part of the process. Presumably if I then drop this file in to the folder it should be good from that point onward. FWIW, my understanding is that this file is relevant to who signs this release. So the fact that every committer is not included seems OK. If any of them sign this release they would need to provide their key. Also, since I had to generate a new key I got a ed25519 key. I assume that will not be a problem anywhere. Mark
