Hi Chris, Thanks for helping the issue,
Now the issue still exists but the process becomes much faster: failureMessage Failed to validate the pgp signature of '/org/apache/hadoop/hadoop-project/3.1.2/hadoop-project-3.1.2.pom', check the logs. failureMessage Failed to validate the pgp signature of '/org/apache/hadoop/hadoop-main/3.1.2/hadoop-main-3.1.2.pom', check the logs. failureMessage Failed to validate the pgp signature of '/org/apache/hadoop/hadoop-build-tools/3.1.2/hadoop-build-tools-3.1.2.jar', check the logs. failureMessage Failed to validate the pgp signature of '/org/apache/hadoop/hadoop-build-tools/3.1.2/hadoop-build-tools-3.1.2.pom', check the logs. Above is the error message, is it possible to get the actual failure message from Nexus server? Thanks, Wangda On Mon, Jan 21, 2019 at 5:18 PM Chris Lambertus <c...@apache.org> wrote: > It looks like there are timeouts from some of the keyservers. I’ve trimmed > the list again to only servers known to be working (ubuntu and > sks-keyservers.net <http://sks-keyservers.net/>). Can you give it a try > again? > > Brian, there are also a number of timeout errors related to central, but I > think they are unrelated. > > com.sonatype.central.secure.nexus.plugin.internal.AuthtokenFetcherImpl - > Failed to fetch authtoken: org.apache.http.conn.ConnectTimeoutException: > Connect to secure.central.sonatype.com:443 [ > secure.central.sonatype.com/207.223.241.90] failed: connect timed out > > -Chris > > > > On Jan 21, 2019, at 2:39 PM, Brian Fox <bri...@infinity.nu> wrote: > > > > They keys file is irrelevant to Nexus. The only thing that matters is > it’s in the mit pgp key ring. > > > > --Brian (mobile) > > > > > > On Jan 21, 2019, at 3:34 PM, Wangda Tan <wheele...@gmail.com <mailto: > wheele...@gmail.com>> wrote: > > > >> I just checked on KEYS file, it doesn't show sig part. I updated KEYS > file on Apache > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS < > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS> and made > it be ultimately trusted. > >> > >> pub rsa4096 2018-03-20 [SC] > >> 4C899853CDDA4E40C60212B5B3FA653D57300D45 > >> uid [ultimate] Wangda tan <wan...@apache.org <mailto: > wan...@apache.org>> > >> sig 3 B3FA653D57300D45 2018-03-20 Wangda tan <wan...@apache.org > <mailto:wan...@apache.org>> > >> sub rsa4096 2018-03-20 [E] > >> sig B3FA653D57300D45 2018-03-20 Wangda tan <wan...@apache.org > <mailto:wan...@apache.org>> > >> But the error still remains same while closing repo, not sure how to > get it resolved .. > >> > >> > >> On Mon, Jan 21, 2019 at 9:14 AM Wangda Tan <wheele...@gmail.com > <mailto:wheele...@gmail.com>> wrote: > >> Hi David, > >> > >> Thanks for helping check this, > >> > >> I can see signatures on my key: > >> > >> pub 4096R/57300D45 < > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 > > >> Fingerprint=4C89 9853 CDDA 4E40 C602 12B5 B3FA 653D 5730 0D45 > >> > >> uid Wangda tan <wan...@apache.org <mailto:wan...@apache.org>> > >> sig sig3 57300D45 < > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 > __________ __________ [selfsig] < > http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45 > > > >> sig sig C36C5F0F < > http://pool.sks-keyservers.net:11371/key/0x255ADF56C36C5F0F> 2018-04-05 > __________ __________ Vinod Kumar Vavilapalli (I am also known as > @tshooter.) <vino...@apache.org> < > http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x255ADF56C36C5F0F > > > >> sig sig F9CBBD4C < > http://pool.sks-keyservers.net:11371/key/0x29ED86E6F9CBBD4C> 2018-11-08 > __________ __________ shikong <wudimengh...@gmail.com> < > http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0x29ED86E6F9CBBD4C > > > >> > >> sub 4096R/D0C16F12 2018-03-20 > >> sig sbind 57300D45 < > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> 2018-03-20 > __________ __________ [] < > http://pool.sks-keyservers.net:11371/search/vindex/fingerprint/0xB3FA653D57300D45 > > > >> And gpg --edit-key also shows: > >> > >> gpg --edit-key 4C899853CDDA4E40C60212B5B3FA653D57300D45 > >> gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc. > >> This is free software: you are free to change and redistribute it. > >> There is NO WARRANTY, to the extent permitted by law. > >> > >> Secret key is available. > >> > >> sec rsa4096/B3FA653D57300D45 > >> created: 2018-03-20 expires: never usage: SC > >> trust: unknown validity: unknown > >> ssb rsa4096/79CD893FD0C16F12 > >> created: 2018-03-20 expires: never usage: E > >> [ unknown] (1). Wangda tan <wan...@apache.org <mailto:wan...@apache.org > >> > >> > >> Thanks, > >> Wangda > >> > >> On Mon, Jan 21, 2019 at 9:08 AM David Nalley <da...@gnsa.us <mailto: > da...@gnsa.us>> wrote: > >> I wonder if it's because there are no signatures on your key. > >> > >> --David > >> > >> On Mon, Jan 21, 2019 at 11:57 AM Wangda Tan <wheele...@gmail.com > <mailto:wheele...@gmail.com>> wrote: > >> > > >> > Hi Brian, > >> > > >> > Here're links to my key: > >> > > >> > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45 < > http://pool.sks-keyservers.net:11371/key/0xB3FA653D57300D45> > >> > > >> > http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45 < > http://pgp.mit.edu/pks/lookup?op=get&search=0xB3FA653D57300D45> > >> > > >> > On Apache SVN: > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS < > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS> > >> > > >> > Thanks, > >> > Wangda > >> > > >> > On Mon, Jan 21, 2019 at 6:51 AM Brian Demers <brian.dem...@gmail.com > <mailto:brian.dem...@gmail.com>> wrote: > >> >> > >> >> Can you share the link to your key? > >> >> > >> >> -Brian > >> >> > >> >> On Jan 20, 2019, at 11:21 PM, Wangda Tan <wheele...@gmail.com > <mailto:wheele...@gmail.com>> wrote: > >> >> > >> >> Still couldn't figure out without locating the log on the Nexus > machine. With help from several committers and PMCs, we didn't see anything > wrong with my signing key. > >> >> > >> >> I don't want to delay 3.1.2 more because of this. Is it allowed for > me to publish artifacts (like tarball, source package, etc.) only and > somebody else to push Maven bits to Nexus. I believe Apache bylaw should > allow that because there're several releases have more than one release > managers. If it is not allowed, please take over the RM role if you have > the bandwidth, I think most works have been done except close the Nexus > repo. > >> >> > >> >> Thanks, > >> >> Wangda > >> >> > >> >> On Thu, Jan 17, 2019 at 11:18 AM Wangda Tan <wheele...@gmail.com > <mailto:wheele...@gmail.com>> wrote: > >> >>> > >> >>> Spent several more hours trying to figure out the issue, still no > luck. > >> >>> > >> >>> I just filed https://issues.sonatype.org/browse/OSSRH-45646 < > https://issues.sonatype.org/browse/OSSRH-45646>, really appreciate if > anybody could add some suggestions. > >> >>> > >> >>> Thanks, > >> >>> Wangda > >> >>> > >> >>> On Tue, Jan 15, 2019 at 9:48 AM Wangda Tan <wheele...@gmail.com > <mailto:wheele...@gmail.com>> wrote: > >> >>>> > >> >>>> It seems the problem still exists for me: > >> >>>> > >> >>>> Now the error message only contains: > >> >>>> > >> >>>> failureMessage Failed to validate the pgp signature of > '/org/apache/hadoop/hadoop-client-check-invariants/3.1.2/hadoop-client-check-invariants-3.1.2.pom', > check the logs. > >> >>>> failureMessage Failed to validate the pgp signature of > '/org/apache/hadoop/hadoop-resourceestimator/3.1.2/hadoop-resourceestimator-3.1.2-javadoc.jar', > check the logs. > >> >>>> > >> >>>> If anybody has access the Nexus node, could you please help to > check what is the failure message? > >> >>>> > >> >>>> Thanks, > >> >>>> Wangda > >> >>>> > >> >>>> > >> >>>> On Tue, Jan 15, 2019 at 9:56 AM Brian Fox <bri...@infinity.nu > <mailto:bri...@infinity.nu>> wrote: > >> >>>>> > >> >>>>> Good to know. The pool has occasionally had sync issues, but > we're talking 3 times in the last 8-9 years. > >> >>>>> > >> >>>>> On Tue, Jan 15, 2019 at 10:39 AM Elek, Marton <e...@apache.org > <mailto:e...@apache.org>> wrote: > >> >>>>>> > >> >>>>>> My key was pushed to the server with pgp about 1 year ago, and > it worked > >> >>>>>> well with the last Ratis release. So it should be synced between > the key > >> >>>>>> servers. > >> >>>>>> > >> >>>>>> But it seems that the INFRA solved the problem with shuffling > the key > >> >>>>>> server order (or it was an intermittent issue): see INFRA-17649 > >> >>>>>> > >> >>>>>> Seems to be working now... > >> >>>>>> > >> >>>>>> Marton > >> >>>>>> > >> >>>>>> > >> >>>>>> On 1/15/19 5:19 AM, Wangda Tan wrote: > >> >>>>>> > HI Brain, > >> >>>>>> > Thanks for responding, could u share how to push to keys to > Apache pgp pool? > >> >>>>>> > > >> >>>>>> > Best, > >> >>>>>> > Wangda > >> >>>>>> > > >> >>>>>> > On Mon, Jan 14, 2019 at 10:44 AM Brian Fox <bri...@infinity.nu > <mailto:bri...@infinity.nu>> wrote: > >> >>>>>> > > >> >>>>>> >> Did you push your key up to the pgp pool? That's what Nexus > is validating > >> >>>>>> >> against. It might take time to propagate if you just pushed > it. > >> >>>>>> >> > >> >>>>>> >> On Mon, Jan 14, 2019 at 9:59 AM Elek, Marton <e...@apache.org > <mailto:e...@apache.org>> wrote: > >> >>>>>> >> > >> >>>>>> >>> Seems to be an INFRA issue for me: > >> >>>>>> >>> > >> >>>>>> >>> 1. I downloaded a sample jar file [1] + the signature from > the > >> >>>>>> >>> repository and it was ok, locally I verified it. > >> >>>>>> >>> > >> >>>>>> >>> 2. I tested it with an other Apache project (Ratis) and my > key. I got > >> >>>>>> >>> the same problem even if it worked at last year during the > 0.3.0 > >> >>>>>> >>> release. (I used exactly the same command) > >> >>>>>> >>> > >> >>>>>> >>> I opened an infra ticket to check the logs of the Nexus as > it was > >> >>>>>> >>> suggested in the error message: > >> >>>>>> >>> > >> >>>>>> >>> https://issues.apache.org/jira/browse/INFRA-17649 < > https://issues.apache.org/jira/browse/INFRA-17649> > >> >>>>>> >>> > >> >>>>>> >>> Marton > >> >>>>>> >>> > >> >>>>>> >>> > >> >>>>>> >>> [1]: > >> >>>>>> >>> > >> >>>>>> >>> > https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar > < > https://repository.apache.org/service/local/repositories/orgapachehadoop-1183/content/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-javadoc.jar > > > >> >>>>>> >>> > >> >>>>>> >>> > >> >>>>>> >>> On 1/13/19 6:27 AM, Wangda Tan wrote: > >> >>>>>> >>>> Uploaded sample file and signature. > >> >>>>>> >>>> > >> >>>>>> >>>> > >> >>>>>> >>>> > >> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:18 PM Wangda Tan < > wheele...@gmail.com <mailto:wheele...@gmail.com> > >> >>>>>> >>>> <mailto:wheele...@gmail.com <mailto:wheele...@gmail.com>>> > wrote: > >> >>>>>> >>>> > >> >>>>>> >>>> Actually, among the hundreds of failed messages, the > "No public key" > >> >>>>>> >>>> issues still occurred several times: > >> >>>>>> >>>> > >> >>>>>> >>>> failureMessage No public key: Key with id: > (b3fa653d57300d45) > >> >>>>>> >>>> was not able to be located on > http://gpg-keyserver.de/ <http://gpg-keyserver.de/>. Upload > >> >>>>>> >>>> your public key and try the operation again. > >> >>>>>> >>>> failureMessage No public key: Key with id: > (b3fa653d57300d45) > >> >>>>>> >>>> was not able to be located on > >> >>>>>> >>>> http://pool.sks-keyservers.net:11371 < > http://pool.sks-keyservers.net:11371/>. Upload your public key > >> >>>>>> >>> and > >> >>>>>> >>>> try the operation again. > >> >>>>>> >>>> failureMessage No public key: Key with id: > (b3fa653d57300d45) > >> >>>>>> >>>> was not able to be located on > http://pgp.mit.edu:11371 <http://pgp.mit.edu:11371/>. Upload > >> >>>>>> >>>> your public key and try the operation again. > >> >>>>>> >>>> > >> >>>>>> >>>> Once the close operation returned, I will upload sample > files which > >> >>>>>> >>>> may help troubleshoot the issue. > >> >>>>>> >>>> > >> >>>>>> >>>> Thanks, > >> >>>>>> >>>> > >> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:04 PM Wangda Tan < > wheele...@gmail.com <mailto:wheele...@gmail.com> > >> >>>>>> >>>> <mailto:wheele...@gmail.com <mailto:wheele...@gmail.com>>> > wrote: > >> >>>>>> >>>> > >> >>>>>> >>>> Thanks David for the quick response! > >> >>>>>> >>>> > >> >>>>>> >>>> I just retried, now the "No public key" issue is > gone. However, > >> >>>>>> >>>> the issue: > >> >>>>>> >>>> > >> >>>>>> >>>> failureMessage Failed to validate the pgp > signature of > >> >>>>>> >>>> > >> >>>>>> >>> > '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-tests.jar', > >> >>>>>> >>>> check the logs. > >> >>>>>> >>>> failureMessage Failed to validate the pgp > signature of > >> >>>>>> >>>> > >> >>>>>> >>> > '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2-test-sources.jar', > >> >>>>>> >>>> check the logs. > >> >>>>>> >>>> failureMessage Failed to validate the pgp > signature of > >> >>>>>> >>>> > >> >>>>>> >>> > '/org/apache/hadoop/hadoop-mapreduce-client-jobclient/3.1.2/hadoop-mapreduce-client-jobclient-3.1.2.pom', > >> >>>>>> >>>> check the logs. > >> >>>>>> >>>> > >> >>>>>> >>>> > >> >>>>>> >>>> Still exists and repeated hundreds of times. Do you > know how to > >> >>>>>> >>>> access the logs mentioned by above log? > >> >>>>>> >>>> > >> >>>>>> >>>> Best, > >> >>>>>> >>>> Wangda > >> >>>>>> >>>> > >> >>>>>> >>>> On Sat, Jan 12, 2019 at 8:37 PM David Nalley < > da...@gnsa.us <mailto:da...@gnsa.us> > >> >>>>>> >>>> <mailto:da...@gnsa.us <mailto:da...@gnsa.us>>> > wrote: > >> >>>>>> >>>> > >> >>>>>> >>>> On Sat, Jan 12, 2019 at 9:09 PM Wangda Tan > >> >>>>>> >>>> <wheele...@gmail.com <mailto: > wheele...@gmail.com> <mailto:wheele...@gmail.com <mailto: > wheele...@gmail.com>>> wrote: > >> >>>>>> >>>> > > >> >>>>>> >>>> > Hi Devs, > >> >>>>>> >>>> > > >> >>>>>> >>>> > I'm currently rolling Hadoop 3.1.2 release > candidate, > >> >>>>>> >>>> however, I saw an issue when I try to close > repo in Nexus. > >> >>>>>> >>>> > > >> >>>>>> >>>> > Logs of > >> >>>>>> >>> https://repository.apache.org/#stagingRepositories < > https://repository.apache.org/#stagingRepositories> > >> >>>>>> >>>> (orgapachehadoop-1183) shows hundreds of lines > of the > >> >>>>>> >>>> following error: > >> >>>>>> >>>> > > >> >>>>>> >>>> > failureMessage No public key: Key with id: > >> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on > >> >>>>>> >>>> http://gpg-keyserver.de/ < > http://gpg-keyserver.de/>. Upload your public key and try > >> >>>>>> >>> the > >> >>>>>> >>>> operation again. > >> >>>>>> >>>> > failureMessage No public key: Key with id: > >> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on > >> >>>>>> >>>> http://pool.sks-keyservers.net:11371 < > http://pool.sks-keyservers.net:11371/>. Upload your public > >> >>>>>> >>> key > >> >>>>>> >>>> and try the operation again. > >> >>>>>> >>>> > failureMessage No public key: Key with id: > >> >>>>>> >>>> (b3fa653d57300d45) was not able to be located on > >> >>>>>> >>>> http://pgp.mit.edu:11371 < > http://pgp.mit.edu:11371/>. Upload your public key and try > >> >>>>>> >>> the > >> >>>>>> >>>> operation again. > >> >>>>>> >>>> > ... > >> >>>>>> >>>> > failureMessage Failed to validate the pgp > signature of > >> >>>>>> >>>> > >> >>>>>> >>> > '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-tests.jar', > >> >>>>>> >>>> check the logs. > >> >>>>>> >>>> > failureMessage Failed to validate the pgp > signature of > >> >>>>>> >>>> > >> >>>>>> >>> > '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-test-sources.jar', > >> >>>>>> >>>> check the logs. > >> >>>>>> >>>> > failureMessage Failed to validate the pgp > signature of > >> >>>>>> >>>> > >> >>>>>> >>> > '/org/apache/hadoop/hadoop-yarn-registry/3.1.2/hadoop-yarn-registry-3.1.2-sources.jar', > >> >>>>>> >>>> check the logs. > >> >>>>>> >>>> > > >> >>>>>> >>>> > > >> >>>>>> >>>> > This is the same key I used before (and > finished two > >> >>>>>> >>>> releases), the same environment I used before. > >> >>>>>> >>>> > > >> >>>>>> >>>> > I have tried more than 10 times in the last > two days, no > >> >>>>>> >>>> luck. And closing the repo takes almost one > hour (Regular > >> >>>>>> >>>> time is less than 1 min) and always fail at the > last. > >> >>>>>> >>>> > > >> >>>>>> >>>> > I used following commands to validate key > exists on key > >> >>>>>> >>>> servers > >> >>>>>> >>>> > > >> >>>>>> >>>> > gpg --keyserver pgp.mit.edu < > http://pgp.mit.edu/> <http://pgp.mit.edu <http://pgp.mit.edu/>> > >> >>>>>> >>>> --recv-keys 57300D45 > >> >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir > >> >>>>>> >>>> '/Users/wtan/.gnupg' > >> >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not > checked due to > >> >>>>>> >>>> a missing key > >> >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan < > wan...@apache.org <mailto:wan...@apache.org> > >> >>>>>> >>>> <mailto:wan...@apache.org <mailto: > wan...@apache.org>>>" not changed > >> >>>>>> >>>> > gpg: Total number processed: 1 > >> >>>>>> >>>> > gpg: unchanged: 1 > >> >>>>>> >>>> > > >> >>>>>> >>>> > gpg --keyserver pool.sks-keyservers.net < > http://pool.sks-keyservers.net/> > >> >>>>>> >>>> <http://pool.sks-keyservers.net < > http://pool.sks-keyservers.net/>> --recv-keys > >> >>>>>> >>> B3FA653D57300D45 > >> >>>>>> >>>> > gpg: WARNING: unsafe permissions on homedir > >> >>>>>> >>>> '/Users/wtan/.gnupg' > >> >>>>>> >>>> > gpg: key B3FA653D57300D45: 1 signature not > checked due to > >> >>>>>> >>>> a missing key > >> >>>>>> >>>> > gpg: key B3FA653D57300D45: "Wangda tan < > wan...@apache.org <mailto:wan...@apache.org> > >> >>>>>> >>>> <mailto:wan...@apache.org <mailto: > wan...@apache.org>>>" not changed > >> >>>>>> >>>> > gpg: Total number processed: 1 > >> >>>>>> >>>> > gpg: unchanged: 1 > >> >>>>>> >>>> > > >> >>>>>> >>>> > >> >>>>>> >>>> Both of these report that your key was not > found. > >> >>>>>> >>>> I took the key from the KEYS file and uploaded > it to both of > >> >>>>>> >>>> those servers. > >> >>>>>> >>>> > >> >>>>>> >>>> You might try the release again and see if this > resolves the > >> >>>>>> >>>> issue. > >> >>>>>> >>>> > >> >>>>>> >>>> > >> >>>>>> >>>> > >> >>>>>> >>>> > --------------------------------------------------------------------- > >> >>>>>> >>>> To unsubscribe, e-mail: > hdfs-dev-unsubscr...@hadoop.apache.org <mailto: > hdfs-dev-unsubscr...@hadoop.apache.org> > >> >>>>>> >>>> For additional commands, e-mail: > hdfs-dev-h...@hadoop.apache.org <mailto:hdfs-dev-h...@hadoop.apache.org> > >> >>>>>> >>>> > >> >>>>>> >>> > >> >>>>>> >> > >> >>>>>> > > >
