You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Georg Henzler (JIRA)" <ji...@apache.org> on 2018/10/16 20:16:00 UTC

[jira] [Updated] (SLING-8029) Improve check_staged_release.sh to automatically receive the relevant gpg key

     [ https://issues.apache.org/jira/browse/SLING-8029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Georg Henzler updated SLING-8029:
---------------------------------
    Description: 
When trying to validate the recent release for "Apache Sling Form Based Authentication Handler 1.0.12, Apache Sling Starter Content 1.0.2", I encountered the following problem:

{code}
$ sh check_staged_release.sh 1995 /tmp/sling-staging
################################################################################
                           DOWNLOAD STAGED REPOSITORY                           
################################################################################
2018-10-16 15:22:42 URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/ [1711] -> "/tmp/sling-staging/1995/org/apache/sling/index.html.tmp" [1]
2018-10-16 15:22:44 URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.auth.form/ [2554] -> "/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/index.html.tmp" [1]
2018-10-16 15:22:45 URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.starter.content/ [2588] -> "/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.starter.content/index.html.tmp" [1]
.....
.....
FINISHED --2018-10-16 15:23:34--
Total wall clock time: 52s
Downloaded: 47 files, 579K in 0.5s (1.25 MB/s)
################################################################################
                          CHECK SIGNATURES AND DIGESTS                          
################################################################################
/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/maven-metadata.xml
gpg:  ----
md5 : GOOD (f165e0092858ee6f6b2301e0d17b1bf3)
sha1 : GOOD (2625d5c75b4b4efd0c43258a6c0dfeef3049d6f1)
/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.jar
gpg:  BAD!!!!!!!!
md5 : GOOD (101ab3cee4ba891e9c6441e55a1166a0)
sha1 : GOOD (e1e9a32459688ff2e5d9fb6effc561eba708334d)
/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-sources.jar
gpg:  BAD!!!!!!!!
md5 : GOOD (b8c81df2190741f3b0af50db369fa397)
sha1 : GOOD (6cd5ca4fb9ca64dd363846513502716d7aa8f0ae)
/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-javadoc.jar
.....
.....
################################################################################
{code}
Taking out the piping to /dev/null in { gpg --verify $f.asc 2>/dev/null}} I got the root cause:
{code}
md5 : GOOD (21db726f5e7241cf619ca1ccb2105ab8)
sha1 : GOOD (003bedc98bde6c4673241413c8cbe4e910364be3)
/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom
gpg: assuming signed data in '/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom'
gpg: Signature made Tue Oct 16 08:57:50 2018 EDT
gpg:                using RSA key 0A665C4670B478BF12235CCD339508654F63EC54
gpg: Can't check signature: No public key
gpg:  BAD!!!!!!!!
{code}

Now the key can be imported using {{gpg --keyserver pool.sks-keyservers.net --recv-keys <key>}}. This should happen automatically. 


> Improve check_staged_release.sh to automatically receive the relevant gpg key
> -----------------------------------------------------------------------------
>
>                 Key: SLING-8029
>                 URL: https://issues.apache.org/jira/browse/SLING-8029
>             Project: Sling
>          Issue Type: Task
>            Reporter: Georg Henzler
>            Assignee: Georg Henzler
>            Priority: Major
>
> When trying to validate the recent release for "Apache Sling Form Based Authentication Handler 1.0.12, Apache Sling Starter Content 1.0.2", I encountered the following problem:
> {code}
> $ sh check_staged_release.sh 1995 /tmp/sling-staging
> ################################################################################
>                            DOWNLOAD STAGED REPOSITORY                           
> ################################################################################
> 2018-10-16 15:22:42 URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/ [1711] -> "/tmp/sling-staging/1995/org/apache/sling/index.html.tmp" [1]
> 2018-10-16 15:22:44 URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.auth.form/ [2554] -> "/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/index.html.tmp" [1]
> 2018-10-16 15:22:45 URL:https://repository.apache.org/content/repositories/orgapachesling-1995/org/apache/sling/org.apache.sling.starter.content/ [2588] -> "/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.starter.content/index.html.tmp" [1]
> .....
> .....
> FINISHED --2018-10-16 15:23:34--
> Total wall clock time: 52s
> Downloaded: 47 files, 579K in 0.5s (1.25 MB/s)
> ################################################################################
>                           CHECK SIGNATURES AND DIGESTS                          
> ################################################################################
> /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/maven-metadata.xml
> gpg:  ----
> md5 : GOOD (f165e0092858ee6f6b2301e0d17b1bf3)
> sha1 : GOOD (2625d5c75b4b4efd0c43258a6c0dfeef3049d6f1)
> /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.jar
> gpg:  BAD!!!!!!!!
> md5 : GOOD (101ab3cee4ba891e9c6441e55a1166a0)
> sha1 : GOOD (e1e9a32459688ff2e5d9fb6effc561eba708334d)
> /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-sources.jar
> gpg:  BAD!!!!!!!!
> md5 : GOOD (b8c81df2190741f3b0af50db369fa397)
> sha1 : GOOD (6cd5ca4fb9ca64dd363846513502716d7aa8f0ae)
> /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12-javadoc.jar
> .....
> .....
> ################################################################################
> {code}
> Taking out the piping to /dev/null in { gpg --verify $f.asc 2>/dev/null}} I got the root cause:
> {code}
> md5 : GOOD (21db726f5e7241cf619ca1ccb2105ab8)
> sha1 : GOOD (003bedc98bde6c4673241413c8cbe4e910364be3)
> /tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom
> gpg: assuming signed data in '/tmp/sling-staging/1995/org/apache/sling/org.apache.sling.auth.form/1.0.12/org.apache.sling.auth.form-1.0.12.pom'
> gpg: Signature made Tue Oct 16 08:57:50 2018 EDT
> gpg:                using RSA key 0A665C4670B478BF12235CCD339508654F63EC54
> gpg: Can't check signature: No public key
> gpg:  BAD!!!!!!!!
> {code}
> Now the key can be imported using {{gpg --keyserver pool.sks-keyservers.net --recv-keys <key>}}. This should happen automatically. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)