You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@devicemap.apache.org by Reza <re...@yahoo.com.INVALID> on 2014/10/14 20:08:06 UTC
key signing issue for releasing devicemap-data
So im going thru the steps of releasing devicemap-data 1.0.1 to the public apache nexus repo. Im running into a key signing issue. Was wondering if anyone here had some guidance before I go any deeper.
So here is the error im getting from nexus when validating the release:
"No public key: Key with id: (9d769c3be1b1c1e9) was not able to be located on http://pgp.mit.edu:11371. Upload your public key and try the operation again."
I found this thread which seems to point at the fact that im using a subkey to sign with:
https://issues.sonatype.org/browse/OSSRH-1525
So I believe I need to make a code signing key with no subkey. I noticed that a few of your guys have keys specifically listed as code signing only. I cannot seem to find the instructions for creating a code signing only key (with no subkeys)...?
Re: key signing issue for releasing devicemap-data
Posted by Reza <re...@yahoo.com.INVALID>.
Its available:
Downloading: http://repo.maven.apache.org/maven2/org/apache/devicemap/devicemap-data/1.0.1/devicemap-data-1.0.1.pomDownloaded: http://repo.maven.apache.org/maven2/org/apache/devicemap/devicemap-data/1.0.1/devicemap-data-1.0.1.pom (3 KB at 2.6 KB/sec)Downloading: http://repo.maven.apache.org/maven2/org/apache/devicemap/devicemap-data/1.0.1/devicemap-data-1.0.1.jarDownloaded: http://repo.maven.apache.org/maven2/org/apache/devicemap/devicemap-data/1.0.1/devicemap-data-1.0.1.jar (130 KB at 136.3 KB/sec)
So I need to revamp the release checklist [1] since the process of pushing the build to maven duplicates a lot of the steps.
I also would like to release the next version of the java client soon since it contains a bunch of fixes and it would be nice to publish that to maven as well... :)
Still got the graduation tasks on my radar... going to dive into that soon.
[1] http://wiki.apache.org/devicemap/Release
---
From: Reza <re...@yahoo.com.INVALID>
To: "devicemap-dev@incubator.apache.org" <de...@incubator.apache.org>
Sent: Wednesday, October 15, 2014 11:24 AM
Subject: Re: key signing issue for releasing devicemap-data
So I just went thru the process to publish our devicedata 1.0.1 release to apache's nexus repo and I think it was successful. I will check later today and see if its officially public...! :)
---
From: Reza <re...@yahoo.com.INVALID>
To: "devicemap-dev@incubator.apache.org" <de...@incubator.apache.org>
Sent: Wednesday, October 15, 2014 10:45 AM
Subject: Re: key signing issue for releasing devicemap-data
Looks like my previous key was signing and encryption, which added a subkey. Ok, let me try this again :)
From: Bertrand Delacretaz <bd...@apache.org>
To: "devicemap-dev@incubator.apache.org" <de...@incubator.apache.org>
Sent: Wednesday, October 15, 2014 4:30 AM
Subject: Re: key signing issue for releasing devicemap-data
Hi,
On Tue, Oct 14, 2014 at 8:08 PM, Reza <re...@yahoo.com.invalid> wrote:
> ...I believe I need to make a code signing key with no subkey. I noticed that a few of
> your guys have keys specifically listed as code signing only. I cannot seem to find the
> instructions for creating a code signing only key (with no subkeys)...?
I do not use subkeys, created my key [1] at the command line without
special options (probably following the instructions at [2]) and
didn't have problems with it.
Note that https://issues.sonatype.org/browse/OSSRH-1525 suggests using
GPG keychain access to delete the subkeys if they are unwanted - I
don't know how that works but that might help.
-Bertrand
[1] http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x77B6B69A9E4DCC6B
[2] https://www.gnupg.org/gph/en/manual/c14.html
Re: key signing issue for releasing devicemap-data
Posted by Reza <re...@yahoo.com.INVALID>.
So I just went thru the process to publish our devicedata 1.0.1 release to apache's nexus repo and I think it was successful. I will check later today and see if its officially public...! :)
---
From: Reza <re...@yahoo.com.INVALID>
To: "devicemap-dev@incubator.apache.org" <de...@incubator.apache.org>
Sent: Wednesday, October 15, 2014 10:45 AM
Subject: Re: key signing issue for releasing devicemap-data
Looks like my previous key was signing and encryption, which added a subkey. Ok, let me try this again :)
From: Bertrand Delacretaz <bd...@apache.org>
To: "devicemap-dev@incubator.apache.org" <de...@incubator.apache.org>
Sent: Wednesday, October 15, 2014 4:30 AM
Subject: Re: key signing issue for releasing devicemap-data
Hi,
On Tue, Oct 14, 2014 at 8:08 PM, Reza <re...@yahoo.com.invalid> wrote:
> ...I believe I need to make a code signing key with no subkey. I noticed that a few of
> your guys have keys specifically listed as code signing only. I cannot seem to find the
> instructions for creating a code signing only key (with no subkeys)...?
I do not use subkeys, created my key [1] at the command line without
special options (probably following the instructions at [2]) and
didn't have problems with it.
Note that https://issues.sonatype.org/browse/OSSRH-1525 suggests using
GPG keychain access to delete the subkeys if they are unwanted - I
don't know how that works but that might help.
-Bertrand
[1] http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x77B6B69A9E4DCC6B
[2] https://www.gnupg.org/gph/en/manual/c14.html
Re: key signing issue for releasing devicemap-data
Posted by Reza <re...@yahoo.com.INVALID>.
Looks like my previous key was signing and encryption, which added a subkey. Ok, let me try this again :)
From: Bertrand Delacretaz <bd...@apache.org>
To: "devicemap-dev@incubator.apache.org" <de...@incubator.apache.org>
Sent: Wednesday, October 15, 2014 4:30 AM
Subject: Re: key signing issue for releasing devicemap-data
Hi,
On Tue, Oct 14, 2014 at 8:08 PM, Reza <re...@yahoo.com.invalid> wrote:
> ...I believe I need to make a code signing key with no subkey. I noticed that a few of
> your guys have keys specifically listed as code signing only. I cannot seem to find the
> instructions for creating a code signing only key (with no subkeys)...?
I do not use subkeys, created my key [1] at the command line without
special options (probably following the instructions at [2]) and
didn't have problems with it.
Note that https://issues.sonatype.org/browse/OSSRH-1525 suggests using
GPG keychain access to delete the subkeys if they are unwanted - I
don't know how that works but that might help.
-Bertrand
[1] http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x77B6B69A9E4DCC6B
[2] https://www.gnupg.org/gph/en/manual/c14.html
Re: key signing issue for releasing devicemap-data
Posted by Bertrand Delacretaz <bd...@apache.org>.
Hi,
On Tue, Oct 14, 2014 at 8:08 PM, Reza <re...@yahoo.com.invalid> wrote:
> ...I believe I need to make a code signing key with no subkey. I noticed that a few of
> your guys have keys specifically listed as code signing only. I cannot seem to find the
> instructions for creating a code signing only key (with no subkeys)...?
I do not use subkeys, created my key [1] at the command line without
special options (probably following the instructions at [2]) and
didn't have problems with it.
Note that https://issues.sonatype.org/browse/OSSRH-1525 suggests using
GPG keychain access to delete the subkeys if they are unwanted - I
don't know how that works but that might help.
-Bertrand
[1] http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x77B6B69A9E4DCC6B
[2] https://www.gnupg.org/gph/en/manual/c14.html