It looks like there are timeouts from some of the keyservers. I’ve trimmed the list again to only servers known to be working (ubuntu and sks-keyservers.net <http://sks-keyservers.net/>). Can you give it a try again?
Brian, there are also a number of timeout errors related to central, but I think they are unrelated. com.sonatype.central.secure.nexus.plugin.internal.AuthtokenFetcherImpl - Failed to fetch authtoken: org.apache.http.conn.ConnectTimeoutException: Connect to secure.central.sonatype.com:443 [secure.central.sonatype.com/207.223.241.90] failed: connect timed out -Chris > On Jan 21, 2019, at 2:39 PM, Brian Fox <bri...@infinity.nu> wrote: > > They keys file is irrelevant to Nexus. The only thing that matters is it’s in > the mit pgp key ring. > > --Brian (mobile) > > > On Jan 21, 2019, at 3:34 PM, Wangda Tan <wheele...@gmail.com > <mailto:wheele...@gmail.com>> wrote: > >> I just checked on KEYS file, it doesn't show sig part. I updated KEYS file >> on Apache https://dist.apache.org/repos/dist/release/hadoop/common/KEYS >> <https://dist.apache.org/repos/dist/release/hadoop/common/KEYS> and made it >> be ultimately trusted. >> >> pub rsa4096 2018-03-20 [SC] >> 4C899853CDDA4E40C60212B5B3FA653D57300D45 >> uid [ultimate] Wangda tan <wan...@apache.org >> <mailto:wan...@apache.org>> >> sig 3 B3FA653D57300D45 2018-03-20 Wangda tan <wan...@apache.org >> <mailto:wan...@apache.org>> >> sub rsa4096 2018-03-20 [E] >> sig B3FA653D57300D45 2018-03-20 Wangda tan <wan...@apache.org >> <mailto:wan...@apache.org>> >> But the error still remains same while closing repo, not sure how to get it >> resolved .. >> >> >> On Mon, Jan 21, 2019 at 9:14 AM Wangda Tan <wheele...@gmail.com >> <mailto:wheele...@gmail.com>> wrote: >> Hi David, >> >> Thanks for helping check this, >> >> I can see signatures on my key: >> >> pub 4096R/57300D45 >> <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 >> >> Fingerprint=4C89 9853 CDDA 4E40 C602 12B5 B3FA 653D 5730 0D45 >> >> uid Wangda tan <wan...@apache.org <mailto:wan...@apache.org>> >> sig sig3 57300D45 >> <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 >> __________ __________ [selfsig] >> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45> >> sig sig C36C5F0F >> <http://pool.sks-keyservers.net:11371/key/0x255ADF56C36C5F0F> 2018-04-05 >> __________ __________ Vinod Kumar Vavilapalli (I am also known as >> @tshooter.) <vino...@apache.org> >> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x255ADF56C36C5F0F> >> sig sig F9CBBD4C >> <http://pool.sks-keyservers.net:11371/key/0x29ED86E6F9CBBD4C> 2018-11-08 >> __________ __________ shikong <wudimengh...@gmail.com> >> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x29ED86E6F9CBBD4C> >> >> sub 4096R/D0C16F12 2018-03-20 >> sig sbind 57300D45 >> <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 >> __________ __________ [] >> <http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45> >> And gpg --edit-key also shows: >> >> gpg --edit-key 4C899853CDDA4E40C60212B5B3FA653D57300D45 >> gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc. >> This is free software: you are free to change and redistribute it. >> There is NO WARRANTY, to the extent permitted by law. >> >> Secret key is available. >> >> sec rsa4096/B3FA653D57300D45 >> created: 2018-03-20 expires: never usage: SC >> trust: unknown validity: unknown >> ssb rsa4096/79CD893FD0C16F12 >> created: 2018-03-20 expires: never usage: E >> [ unknown] (1). Wangda tan <wan...@apache.org <mailto:wan...@apache.org>> >> >> Thanks, >> Wangda >> >> On Mon, Jan 21, 2019 at 9:08 AM David Nalley <da...@gnsa.us >> <mailto:da...@gnsa.us>> wrote: >> I wonder if it's because there are no signatures on your key. >> >> --David >> >> On Mon, Jan 21, 2019 at 11:57 AM Wangda Tan <wheele...@gmail.com >> <mailto:wheele...@gmail.com>> wrote: >> > >> > Hi Brian, >> > >> > Here're links to my key: >> > >> > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45 >> > <http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> >> > >> > http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45 >> > <http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45> >> > >> > On Apache SVN: >> > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS >> > <https://dist.apache.org/repos/dist/release/hadoop/common/KEYS> >> > >> > Thanks, >> > Wangda >> > >> > On Mon, Jan 21, 2019 at 6:51 AM Brian Demers <brian.dem...@gmail.com >> > <mailto:brian.dem...@gmail.com>> wrote: >> >> >> >> Can you share the link to your key? >> >> >> >> -Brian >> >> >> >> On Jan 20, 2019, at 11:21 PM, Wangda Tan <wheele...@gmail.com >> >> <mailto:wheele...@gmail.com>> wrote: >> >> >> >> Still couldn't figure out without locating the log on the Nexus machine. >> >> With help from several committers and PMCs, we didn't see anything wrong >> >> with my signing key. >> >> >> >> I don't want to delay 3.1.2 more because of this. Is it allowed for me to >> >> publish artifacts (like tarball, source package, etc.) only and somebody >> >> else to push Maven bits to Nexus. I believe Apache bylaw should allow >> >> that because there're several releases have more than one release >> >> managers. If it is not allowed, please take over the RM role if you have >> >> the bandwidth, I think most works have been done except close the Nexus >> >> repo. >> >> >> >> Thanks, >> >> Wangda >> >> >> >> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan <wheele...@gmail.com >> >> <mailto:wheele...@gmail.com>> wrote: >> >>> >> >>> Spent several more hours trying to figure out the issue, still no luck. >> >>> >> >>> I just filed https://issues.sonatype.org/browse/OSSRH-45646 >> >>> <https://issues.sonatype.org/browse/OSSRH-45646>, really appreciate if >> >>> anybody could add some suggestions. >> >>> >> >>> Thanks, >> >>> Wangda >> >>> >> >>> On Tue, Jan 15, 2019 at 9:48 AM Wangda Tan <wheele...@gmail.com >> >>> <mailto:wheele...@gmail.com>> wrote: >> >>>> >> >>>> It seems the problem still exists for me: >> >>>> >> >>>> Now the error message only contains: >> >>>> >> >>>> failureMessage Failed to validate the pgp signature of >> >>>> '/org/apache/hadoop/hadoop-client-check-invariants/3.1.2/hadoop-client-check-invariants-3.1.2.pom', >> >>>> check the logs. >> >>>> failureMessage Failed to validate the pgp signature of >> >>>> '/org/apache/hadoop/hadoop-resourceestimator/3.1.2/hadoop-resourceestimator-3.1.2-javadoc.jar', >> >>>> check the logs. >> >>>> >> >>>> If anybody has access the Nexus node, could you please help to check >> >>>> what is the failure message? >> >>>> >> >>>> Thanks, >> >>>> Wangda >> >>>> >> >>>> >> >>>> On Tue, Jan 15, 2019 at 9:56 AM Brian Fox <bri...@infinity.nu >> >>>> <mailto:bri...@infinity.nu>> wrote: >> >>>>> >> >>>>> Good to know. The pool has occasionally had sync issues, but we're >> >>>>> talking 3 times in the last 8-9 years. >> >>>>> >> >>>>> On Tue, Jan 15, 2019 at 10:39 AM Elek, Marton <e...@apache.org >> >>>>> <mailto:e...@apache.org>> wrote: >> >>>>>> >> >>>>>> My key was pushed to the server with pgp about 1 year ago, and it >> >>>>>> worked >> >>>>>> well with the last Ratis release. So it should be synced between the >> >>>>>> key >> >>>>>> servers. >> >>>>>> >> >>>>>> But it seems that the INFRA solved the problem with shuffling the key >> >>>>>> server order (or it was an intermittent issue): see INFRA-17649 >> >>>>>> >> >>>>>> Seems to be working now... >> >>>>>> >> >>>>>> Marton >> >>>>>> >> >>>>>> >> >>>>>> On 1/15/19 5:19 AM, Wangda Tan wrote: >> >>>>>> > HI Brain, >> >>>>>> > Thanks for responding, could u share how to push to keys to Apache >> >>>>>> > pgp pool? >> >>>>>> > >> >>>>>> > Best, >> >>>>>> > Wangda >> >>>>>> > >> >>>>>> > On Mon, Jan 14, 2019 at 10:44 AM Brian Fox <bri...@infinity.nu >> >>>>>> > <mailto:bri...@infinity.nu>> wrote: >> >>>>>> > >> >>>>>> >> Did you push your key up to the pgp pool? That's what Nexus is >> >>>>>> >> validating >> >>>>>> >> against. It might take time to propagate if you just pushed it. >> >>>>>> >> >> >>>>>> >> On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton <e...@apache.org >> >>>>>> >> <mailto:e...@apache.org>> wrote: >> >>>>>> >> >> >>>>>> >>> Seems to be an INFRA issue for me: >> >>>>>> >>> >> >>>>>> >>> 1. I downloaded a sample jar file [1] + the signature from the >> >>>>>> >>> repository and it was ok, locally I verified it. >> >>>>>> >>> >> >>>>>> >>> 2. I tested it with an other Apache project (Ratis) and my key. I >> >>>>>> >>> got >> >>>>>> >>> the same problem even if it worked at last year during the 0.3.0 >> >>>>>> >>> release. (I used exactly the same command) >> >>>>>> >>> >> >>>>>> >>> I opened an infra ticket to check the logs of the Nexus as it was >> >>>>>> >>> suggested in the error message: >> >>>>>> >>> >> >>>>>> >>> https://issues.apache.org/jira/browse/INFRA-17649 >> >>>>>> >>> <https://issues.apache.org/jira/browse/INFRA-17649> >> >>>>>> >>> >> >>>>>> >>> Marton >> >>>>>> >>> >> >>>>>> >>> >> >>>>>> >>> [1]: >> >>>>>> >>> >> >>>>>> >>> https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar >> >>>>>> >>> >> >>>>>> >>> <https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar> >> >>>>>> >>> >> >>>>>> >>> >> >>>>>> >>> On 1/13/19 6:27 AM, Wangda Tan wrote: >> >>>>>> >>>> Uploaded sample file and signature. >> >>>>>> >>>> >> >>>>>> >>>> >> >>>>>> >>>> >> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:18 PM Wangda Tan <wheele...@gmail.com >> >>>>>> >>>> <mailto:wheele...@gmail.com> >> >>>>>> >>>> <mailto:wheele...@gmail.com <mailto:wheele...@gmail.com>>> wrote: >> >>>>>> >>>> >> >>>>>> >>>> Actually, among the hundreds of failed messages, the "No >> >>>>>> >>>> public key" >> >>>>>> >>>> issues still occurred several times: >> >>>>>> >>>> >> >>>>>> >>>> failureMessage No public key: Key with id: >> >>>>>> >>>> (b3fa653d57300d45) >> >>>>>> >>>> was not able to be located on http://gpg-keyserver.de/ >> >>>>>> >>>> <http://gpg-keyserver.de/>. Upload >> >>>>>> >>>> your public key and try the operation again. >> >>>>>> >>>> failureMessage No public key: Key with id: >> >>>>>> >>>> (b3fa653d57300d45) >> >>>>>> >>>> was not able to be located on >> >>>>>> >>>> http://pool.sks-keyservers.net:11371 >> >>>>>> >>>> <http://pool.sks-keyservers.net:11371/>. Upload your public key >> >>>>>> >>> and >> >>>>>> >>>> try the operation again. >> >>>>>> >>>> failureMessage No public key: Key with id: >> >>>>>> >>>> (b3fa653d57300d45) >> >>>>>> >>>> was not able to be located on http://pgp.mit.edu:11371 >> >>>>>> >>>> <http://pgp.mit.edu:11371/>. Upload >> >>>>>> >>>> your public key and try the operation again. >> >>>>>> >>>> >> >>>>>> >>>> Once the close operation returned, I will upload sample >> >>>>>> >>>> files which >> >>>>>> >>>> may help troubleshoot the issue. >> >>>>>> >>>> >> >>>>>> >>>> Thanks, >> >>>>>> >>>> >> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:04 PM Wangda Tan >> >>>>>> >>>> <wheele...@gmail.com <mailto:wheele...@gmail.com> >> >>>>>> >>>> <mailto:wheele...@gmail.com <mailto:wheele...@gmail.com>>> >> >>>>>> >>>> wrote: >> >>>>>> >>>> >> >>>>>> >>>> Thanks David for the quick response! >> >>>>>> >>>> >> >>>>>> >>>> I just retried, now the "No public key" issue is gone. >> >>>>>> >>>> However, >> >>>>>> >>>> the issue: >> >>>>>> >>>> >> >>>>>> >>>> failureMessage Failed to validate the pgp signature >> >>>>>> >>>> of >> >>>>>> >>>> >> >>>>>> >>> >> >>>>>> >>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-tests.jar', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> failureMessage Failed to validate the pgp signature >> >>>>>> >>>> of >> >>>>>> >>>> >> >>>>>> >>> >> >>>>>> >>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-test-sources.jar', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> failureMessage Failed to validate the pgp signature >> >>>>>> >>>> of >> >>>>>> >>>> >> >>>>>> >>> >> >>>>>> >>> '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2.pom', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> >> >>>>>> >>>> >> >>>>>> >>>> Still exists and repeated hundreds of times. Do you know >> >>>>>> >>>> how to >> >>>>>> >>>> access the logs mentioned by above log? >> >>>>>> >>>> >> >>>>>> >>>> Best, >> >>>>>> >>>> Wangda >> >>>>>> >>>> >> >>>>>> >>>> On Sat, Jan 12, 2019 at 8:37 PM David Nalley >> >>>>>> >>>> <da...@gnsa.us <mailto:da...@gnsa.us> >> >>>>>> >>>> <mailto:da...@gnsa.us <mailto:da...@gnsa.us>>> wrote: >> >>>>>> >>>> >> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:09 PM Wangda Tan >> >>>>>> >>>> <wheele...@gmail.com <mailto:wheele...@gmail.com> >> >>>>>> >>>> <mailto:wheele...@gmail.com <mailto:wheele...@gmail.com>>> wrote: >> >>>>>> >>>> > >> >>>>>> >>>> > Hi Devs, >> >>>>>> >>>> > >> >>>>>> >>>> > I'm currently rolling Hadoop 3.1.2 release >> >>>>>> >>>> candidate, >> >>>>>> >>>> however, I saw an issue when I try to close repo in >> >>>>>> >>>> Nexus. >> >>>>>> >>>> > >> >>>>>> >>>> > Logs of >> >>>>>> >>> https://repository.apache.org/#stagingRepositories >> >>>>>> >>> <https://repository.apache.org/#stagingRepositories> >> >>>>>> >>>> (orgapachehadoop-1183) shows hundreds of lines of the >> >>>>>> >>>> following error: >> >>>>>> >>>> > >> >>>>>> >>>> > failureMessage No public key: Key with id: >> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on >> >>>>>> >>>> http://gpg-keyserver.de/ <http://gpg-keyserver.de/>. >> >>>>>> >>>> Upload your public key and try >> >>>>>> >>> the >> >>>>>> >>>> operation again. >> >>>>>> >>>> > failureMessage No public key: Key with id: >> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on >> >>>>>> >>>> http://pool.sks-keyservers.net:11371 >> >>>>>> >>>> <http://pool.sks-keyservers.net:11371/>. Upload your public >> >>>>>> >>> key >> >>>>>> >>>> and try the operation again. >> >>>>>> >>>> > failureMessage No public key: Key with id: >> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on >> >>>>>> >>>> http://pgp.mit.edu:11371 >> >>>>>> >>>> <http://pgp.mit.edu:11371/>. Upload your public key and try >> >>>>>> >>> the >> >>>>>> >>>> operation again. >> >>>>>> >>>> > ... >> >>>>>> >>>> > failureMessage Failed to validate the pgp >> >>>>>> >>>> signature of >> >>>>>> >>>> >> >>>>>> >>> >> >>>>>> >>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-tests.jar', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> > failureMessage Failed to validate the pgp >> >>>>>> >>>> signature of >> >>>>>> >>>> >> >>>>>> >>> >> >>>>>> >>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-test-sources.jar', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> > failureMessage Failed to validate the pgp >> >>>>>> >>>> signature of >> >>>>>> >>>> >> >>>>>> >>> >> >>>>>> >>> '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-sources.jar', >> >>>>>> >>>> check the logs. >> >>>>>> >>>> > >> >>>>>> >>>> > >> >>>>>> >>>> > This is the same key I used before (and finished >> >>>>>> >>>> two >> >>>>>> >>>> releases), the same environment I used before. >> >>>>>> >>>> > >> >>>>>> >>>> > I have tried more than 10 times in the last two >> >>>>>> >>>> days, no >> >>>>>> >>>> luck. And closing the repo takes almost one hour >> >>>>>> >>>> (Regular >> >>>>>> >>>> time is less than 1 min) and always fail at the last. >> >>>>>> >>>> > >> >>>>>> >>>> > I used following commands to validate key exists >> >>>>>> >>>> on key >> >>>>>> >>>> servers >> >>>>>> >>>> > >> >>>>>> >>>> > gpg --keyserver pgp.mit.edu <http://pgp.mit.edu/> >> >>>>>> >>>> <http://pgp.mit.edu <http://pgp.mit.edu/>> >> >>>>>> >>>> --recv-keys 57300D45 >> >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir >> >>>>>> >>>> '/Users/wtan/.gnupg' >> >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not checked >> >>>>>> >>>> due to >> >>>>>> >>>> a missing key >> >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan >> >>>>>> >>>> <wan...@apache.org <mailto:wan...@apache.org> >> >>>>>> >>>> <mailto:wan...@apache.org >> >>>>>> >>>> <mailto:wan...@apache.org>>>" not changed >> >>>>>> >>>> > gpg: Total number processed: 1 >> >>>>>> >>>> > gpg: unchanged: 1 >> >>>>>> >>>> > >> >>>>>> >>>> > gpg --keyserver pool.sks-keyservers.net >> >>>>>> >>>> <http://pool.sks-keyservers.net/> >> >>>>>> >>>> <http://pool.sks-keyservers.net >> >>>>>> >>>> <http://pool.sks-keyservers.net/>> --recv-keys >> >>>>>> >>> B3FA653D57300D45 >> >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir >> >>>>>> >>>> '/Users/wtan/.gnupg' >> >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not checked >> >>>>>> >>>> due to >> >>>>>> >>>> a missing key >> >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan >> >>>>>> >>>> <wan...@apache.org <mailto:wan...@apache.org> >> >>>>>> >>>> <mailto:wan...@apache.org >> >>>>>> >>>> <mailto:wan...@apache.org>>>" not changed >> >>>>>> >>>> > gpg: Total number processed: 1 >> >>>>>> >>>> > gpg: unchanged: 1 >> >>>>>> >>>> > >> >>>>>> >>>> >> >>>>>> >>>> Both of these report that your key was not found. >> >>>>>> >>>> I took the key from the KEYS file and uploaded it to >> >>>>>> >>>> both of >> >>>>>> >>>> those servers. >> >>>>>> >>>> >> >>>>>> >>>> You might try the release again and see if this >> >>>>>> >>>> resolves the >> >>>>>> >>>> issue. >> >>>>>> >>>> >> >>>>>> >>>> >> >>>>>> >>>> >> >>>>>> >>>> --------------------------------------------------------------------- >> >>>>>> >>>> To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org >> >>>>>> >>>> <mailto:hdfs-dev-unsubscr...@hadoop.apache.org> >> >>>>>> >>>> For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org >> >>>>>> >>>> <mailto:hdfs-dev-h...@hadoop.apache.org> >> >>>>>> >>>> >> >>>>>> >>> >> >>>>>> >> >> >>>>>> >
