You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by GitBox <gi...@apache.org> on 2022/08/22 16:23:49 UTC
[GitHub] [hbase] ndimiduk opened a new pull request, #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
ndimiduk opened a new pull request, #4716:
URL: https://github.com/apache/hbase/pull/4716
This is... a solution. It's probably fine for running on hardware you own with a source repository you trust. I'm not sure it's wise when running on a remote build machine...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1307333124
> Yes, this is my point -- since we upgraded to this combination of gpg and maven-gpg-plugin, builds require use of the extra socket. This is why I think that we should merge this patch as is, without adding extract flags to enable the user to select which socket is used.
I'm a bit confusing, here you said we must use the 'extra' socket but what you have done in this PR is to remove the usage of 'exrta' socket? Sorry I can not follow.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1223497218
I also changed the script locally to use `agent-socket` instead of `agent-extra-socket` but probably this is just a different usage.
I own the build machine so I can put the private key on the machine. But IIRC, what @busbey suggested in the past, is to use agent forwarding so you do not need to put your private key on the build machine. See here
https://wiki.gnupg.org/AgentForwarding
So maybe we could make this configurable? By default we will use local key, but with a special command line argument we could still use the extra socket.
Thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1307329387
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 18s | Docker mode activated. |
| -0 :warning: | yetus | 0m 6s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 11s | Maven dependency ordering for branch |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 5s | Maven dependency ordering for patch |
||| _ Other Tests _ |
| | | 2m 14s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | |
| uname | Linux 250c2d606710 5.4.0-131-generic #147-Ubuntu SMP Fri Oct 14 17:07:22 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 41c7bd3a97 |
| Max. process+thread count | 39 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/console |
| versions | git=2.34.1 maven=3.8.6 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1307329364
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 24s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +0 :ok: | shelldocs | 0m 0s | Shelldocs was not available. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 11s | Maven dependency ordering for branch |
| +1 :green_heart: | spotless | 0m 38s | branch has no errors when running spotless:check. |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 4s | Maven dependency ordering for patch |
| +1 :green_heart: | hadolint | 0m 0s | There were no new hadolint issues. |
| +1 :green_heart: | shellcheck | 0m 2s | There were no new shellcheck issues. |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | spotless | 0m 37s | patch has no errors when running spotless:check. |
||| _ Other Tests _ |
| +0 :ok: | asflicense | 0m 0s | ASF License check generated no output? |
| | | 2m 44s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/artifact/yetus-general-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | dupname asflicense spotless shellcheck shelldocs hadolint |
| uname | Linux bea9dabc36e2 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 41c7bd3a97 |
| Max. process+thread count | 44 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/console |
| versions | git=2.34.1 maven=3.8.6 shellcheck=0.8.0 hadolint=Haskell Dockerfile Linter 2.10.0 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1295260158
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 0s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +0 :ok: | shelldocs | 0m 0s | Shelldocs was not available. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 11s | Maven dependency ordering for branch |
| +1 :green_heart: | spotless | 0m 39s | branch has no errors when running spotless:check. |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 4s | Maven dependency ordering for patch |
| +1 :green_heart: | hadolint | 0m 2s | There were no new hadolint issues. |
| -0 :warning: | shellcheck | 0m 1s | The patch generated 1 new + 18 unchanged - 0 fixed = 19 total (was 18) |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | spotless | 0m 36s | patch has no errors when running spotless:check. |
||| _ Other Tests _ |
| +0 :ok: | asflicense | 0m 0s | ASF License check generated no output? |
| | | 3m 19s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/artifact/yetus-general-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | dupname asflicense spotless shellcheck shelldocs hadolint |
| uname | Linux 78ab2a568c9a 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / cdabfd3ca8 |
| shellcheck | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/artifact/yetus-general-check/output/diff-patch-shellcheck.txt |
| Max. process+thread count | 34 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/console |
| versions | git=2.17.1 maven=3.6.3 shellcheck=0.4.6 hadolint=1.17.5-0-g443423c |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1222600105
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 41s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 13s | Maven dependency ordering for branch |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 3s | Maven dependency ordering for patch |
||| _ Other Tests _ |
| | | 1m 49s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | |
| uname | Linux 845b7bd08507 5.4.0-1081-aws #88~18.04.1-Ubuntu SMP Thu Jun 23 16:29:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 00a719e76f |
| Max. process+thread count | 29 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] saintstack commented on a diff in pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
saintstack commented on code in PR #4716:
URL: https://github.com/apache/hbase/pull/4716#discussion_r951656957
##########
dev-support/create-release/release-util.sh:
##########
@@ -30,7 +30,7 @@
DRY_RUN=${DRY_RUN:-1} #default to dry run
DEBUG=${DEBUG:-0}
GPG=${GPG:-gpg}
-GPG_ARGS=(--no-autostart --batch)
+GPG_ARGS=(-v --no-autostart --batch --pinentry-mode error)
Review Comment:
You want to add this?
##########
dev-support/create-release/do-release-docker.sh:
##########
@@ -320,7 +320,7 @@ else
# agent socket and agent extra socket to your local gpg-agent's extra socket. See the README.txt
# for an example.
GPG_PROXY_MOUNT=(--mount \
- "type=bind,src=$(gpgconf --list-dir agent-extra-socket),dst=/home/${USER}/.gnupg/S.gpg-agent")
+ "type=bind,src=$(gpgconf --list-dir agent-socket),dst=/home/${USER}/.gnupg/S.gpg-agent")
Review Comment:
I suppose so. Would be good to try it on linux but going by Mac osx experience, would be surprised if the restricted extra socket worked with the maven gpg plugin pinentry-mode setting.... So yeah, lets make this change.
##########
dev-support/create-release/README.txt:
##########
@@ -105,6 +105,9 @@ $ scp ~/gpg.example.apache.pub example.gce.host:
# gpg-agent's extra socket (this will restrict what commands the remote node is allowed to have
# your agent handle. Note that the gpg guide above can help you set this up in your ssh config
# rather than typing it in ssh like this every time.
+# Note that as of maven-gpg-plugin, with gnupg >= 2.1, the plugin uses `--pinentry-mode error`,
Review Comment:
Want to say more here that the scripts have undone use of extra socket... And add in the paragraph you have at the head of this PR where you note implications of our skirting the 'restricted' socket?
##########
dev-support/create-release/release-util.sh:
##########
@@ -639,10 +639,16 @@ make_binary_release() {
# a third to assemble the binary artifact. Trying to do
# all in the one invocation fails; a problem in our
# assembly spec to in maven. TODO. Meantime, three invocations.
- "${MVN[@]}" clean install -DskipTests
- "${MVN[@]}" site -DskipTests
+ cmd=("${MVN[@]}" clean install -DskipTests)
+ echo "${cmd[*]}"
+ "${cmd[@]}"
+ cmd=("${MVN[@]}" site -DskipTests)
+ echo "${cmd[*]}"
+ "${cmd[@]}"
kick_gpg_agent
- "${MVN[@]}" install assembly:single -DskipTests -Dcheckstyle.skip=true "${PUBLISH_PROFILES[@]}"
+ cmd=("${MVN[@]}" install assembly:single -DskipTests -Dcheckstyle.skip=true "${PUBLISH_PROFILES[@]}")
+ echo "${cmd[*]}"
+ "${cmd[@]}"
Review Comment:
These changes are probably not needed? Or not related to what this PR is about?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk merged pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
ndimiduk merged PR #4716:
URL: https://github.com/apache/hbase/pull/4716
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1307287612
@saintstack @Apache9 what do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1295259077
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 23s | Docker mode activated. |
| -0 :warning: | yetus | 0m 2s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 14s | Maven dependency ordering for branch |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 4s | Maven dependency ordering for patch |
||| _ Other Tests _ |
| | | 2m 19s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | |
| uname | Linux 71428d51c9de 5.4.0-1085-aws #92~18.04.1-Ubuntu SMP Wed Aug 31 17:21:08 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / cdabfd3ca8 |
| Max. process+thread count | 42 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1307331508
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 2m 51s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 13s | Maven dependency ordering for branch |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 5s | Maven dependency ordering for patch |
||| _ Other Tests _ |
| | | 4m 0s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | |
| uname | Linux 8e0b4a086f59 5.4.0-1088-aws #96~18.04.1-Ubuntu SMP Mon Oct 17 02:57:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 41c7bd3a97 |
| Max. process+thread count | 30 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/console |
| versions | git=2.34.1 maven=3.8.6 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1307309050
What do you mean by 'standard socket'?
I'm not an expert here, for me, I always need to change the extra-socket to socket when using the scripts locally on an ubuntu 22.04 machine...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1307339256
> I'm a bit confusing, here you said we must use the 'extra' socket but what you have done in this PR is to remove the usage of 'exrta' socket? Sorry I can not follow.
You're absolutely correct. I've swapped the meaning of "standard" and "extra" in my mind. Sorry to add confusion, I've been away from this issue for a while.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on a diff in pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on code in PR #4716:
URL: https://github.com/apache/hbase/pull/4716#discussion_r952753036
##########
dev-support/create-release/README.txt:
##########
@@ -105,6 +105,9 @@ $ scp ~/gpg.example.apache.pub example.gce.host:
# gpg-agent's extra socket (this will restrict what commands the remote node is allowed to have
# your agent handle. Note that the gpg guide above can help you set this up in your ssh config
# rather than typing it in ssh like this every time.
+# Note that as of maven-gpg-plugin, with gnupg >= 2.1, the plugin uses `--pinentry-mode error`,
Review Comment:
Yeah, lets see if we add a launch flag like Duo suggests. I'll update the readme accordingly.
##########
dev-support/create-release/release-util.sh:
##########
@@ -30,7 +30,7 @@
DRY_RUN=${DRY_RUN:-1} #default to dry run
DEBUG=${DEBUG:-0}
GPG=${GPG:-gpg}
-GPG_ARGS=(--no-autostart --batch)
+GPG_ARGS=(-v --no-autostart --batch --pinentry-mode error)
Review Comment:
I can leave out the `-v`, but the `--pinentry-mode error` is how the maven-gpg-plugin invokes the command. It'll error out rather than giving the user a prompt from pin entry. So, it checks that the socket works, but it will fail if the user has not unlocked the key before starting the build. Maybe we keep this but add another test invocation run from the host environment, in non-`batch` and allow for pin entry?
##########
dev-support/create-release/release-util.sh:
##########
@@ -639,10 +639,16 @@ make_binary_release() {
# a third to assemble the binary artifact. Trying to do
# all in the one invocation fails; a problem in our
# assembly spec to in maven. TODO. Meantime, three invocations.
- "${MVN[@]}" clean install -DskipTests
- "${MVN[@]}" site -DskipTests
+ cmd=("${MVN[@]}" clean install -DskipTests)
+ echo "${cmd[*]}"
+ "${cmd[@]}"
+ cmd=("${MVN[@]}" site -DskipTests)
+ echo "${cmd[*]}"
+ "${cmd[@]}"
kick_gpg_agent
- "${MVN[@]}" install assembly:single -DskipTests -Dcheckstyle.skip=true "${PUBLISH_PROFILES[@]}"
+ cmd=("${MVN[@]}" install assembly:single -DskipTests -Dcheckstyle.skip=true "${PUBLISH_PROFILES[@]}")
+ echo "${cmd[*]}"
+ "${cmd[@]}"
Review Comment:
Not needed but helpful when reading logs. Without this, I can't tell which step is ending in failure. I'm fine with pulling them out to a separate PR if you prefer.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1272319214
Any updates here? @ndimiduk
> I suppose yes, we could add a configuration option, something like --gnupg-proveledged-socket, defaults to false. When false, it would forward the agent-extra-socket. When true, it would forward agent-socket. Our "dumb" instruction are, try the default first, and if that fails due to permission issue, use --gnupg-proveledged-socket=true.
We want to implement this logic in this PR? Or another PR?
Thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1233102101
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 35s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +0 :ok: | shelldocs | 0m 0s | Shelldocs was not available. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 13s | Maven dependency ordering for branch |
| +1 :green_heart: | spotless | 0m 37s | branch has no errors when running spotless:check. |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 3s | Maven dependency ordering for patch |
| +1 :green_heart: | hadolint | 0m 2s | There were no new hadolint issues. |
| -0 :warning: | shellcheck | 0m 1s | The patch generated 1 new + 14 unchanged - 0 fixed = 15 total (was 14) |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | spotless | 0m 37s | patch has no errors when running spotless:check. |
||| _ Other Tests _ |
| +0 :ok: | asflicense | 0m 0s | ASF License check generated no output? |
| | | 3m 9s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/artifact/yetus-general-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | dupname asflicense spotless shellcheck shelldocs hadolint |
| uname | Linux f089e473aa80 5.4.0-1083-aws #90~18.04.1-Ubuntu SMP Fri Aug 5 08:12:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 10d85f3161 |
| shellcheck | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/artifact/yetus-general-check/output/diff-patch-shellcheck.txt |
| Max. process+thread count | 33 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/console |
| versions | git=2.17.1 maven=3.6.3 shellcheck=0.4.6 hadolint=1.17.5-0-g443423c |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1233100180
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 41s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 13s | Maven dependency ordering for branch |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 3s | Maven dependency ordering for patch |
||| _ Other Tests _ |
| | | 1m 53s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | |
| uname | Linux c290a1f59fd3 5.4.0-1071-aws #76~18.04.1-Ubuntu SMP Mon Mar 28 17:49:57 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 10d85f3161 |
| Max. process+thread count | 39 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1222601547
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 20s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +0 :ok: | shelldocs | 0m 0s | Shelldocs was not available. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 11s | Maven dependency ordering for branch |
| +1 :green_heart: | spotless | 0m 39s | branch has no errors when running spotless:check. |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 4s | Maven dependency ordering for patch |
| +1 :green_heart: | hadolint | 0m 2s | There were no new hadolint issues. |
| -0 :warning: | shellcheck | 0m 1s | The patch generated 1 new + 14 unchanged - 0 fixed = 15 total (was 14) |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | spotless | 0m 36s | patch has no errors when running spotless:check. |
||| _ Other Tests _ |
| +0 :ok: | asflicense | 0m 0s | ASF License check generated no output? |
| | | 2m 52s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/artifact/yetus-general-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | dupname asflicense spotless shellcheck shelldocs hadolint |
| uname | Linux 311fa7eace84 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 00a719e76f |
| shellcheck | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/artifact/yetus-general-check/output/diff-patch-shellcheck.txt |
| Max. process+thread count | 34 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/console |
| versions | git=2.17.1 maven=3.6.3 shellcheck=0.4.6 hadolint=1.17.5-0-g443423c |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1225129303
> > I also changed the script locally to use `agent-socket` instead of `agent-extra-socket` but probably this is just a different usage.
> > I own the build machine so I can put the private key on the machine. But IIRC, what @busbey suggested in the past, is to use agent forwarding so you do not need to put your private key on the build machine. See here
> > https://wiki.gnupg.org/AgentForwarding
> > So maybe we could make this configurable? By default we will use local key, but with a special command line argument we could still use the extra socket.
> > Thanks.
>
> When local machine (host) runs Linux, I believe that the script mounts the local `~/.gnupg` directly into the container, so no agent forwarding is used. In this case, I think the default behavior is for `gpg` to communicate with `gpg-agent` over `agent-socket`.
>
> When local machine (host) in MacOS (and presumably also when running Windows), the docker daemon is running inside of a VM (guest), so we have to do this agent-forwarding thing. The suggestion is to use the restricted socket, `agent-extra-socket`, when forwarding. However, we're forwarding to a VM running locally, so I think it's no real security concern.
>
> When local machine is not the build machine, like a build machine (linux) running in public cloud, you should probably just forward the `agent-extra-socket` to the remote host. The build host mounts that socket directly into the docker container, and so it probably fails in the same way as the MacOS version.
>
> So in all cases there's a gpg-agent involved.
>
> I suppose yes, we could add a configuration option, something like `--gnupg-proveledged-socket`, defaults to `false. When `false, it would forward the `agent-extra-socket`. When `true`, it would forward `agent-socket`. Our "dumb" instruction are, try the default first, and if that fails due to permission issue, use `--gnupg-proveledged-socket=true`.
+1
>
> WDYT?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1307294865
I filed and linked to https://issues.apache.org/jira/browse/MGPG-92.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on a diff in pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on code in PR #4716:
URL: https://github.com/apache/hbase/pull/4716#discussion_r959713641
##########
dev-support/create-release/release-util.sh:
##########
@@ -30,7 +30,7 @@
DRY_RUN=${DRY_RUN:-1} #default to dry run
DEBUG=${DEBUG:-0}
GPG=${GPG:-gpg}
-GPG_ARGS=(--no-autostart --batch)
+GPG_ARGS=(-v --no-autostart --batch --pinentry-mode error)
Review Comment:
Looking at this again, you're probably correct that we don't want this added to all invocations. Probably only at the place where we test the environment before proceeding.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1285277185
I've not attempted release candidates anytime recently, so the status here is not changed. There's a couple reviewer questions about the wisdom of exposing the socket with elevated privileges. The changes here that allowed me to proceed may not make sense for other environments. For example, if someone is building an RC on a 3PC, they may not want the full privileged socket exposed to the remote environment. However, I don't know if any of our release managers are building on "untrusted" hardware.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1307286566
Given that with a modern GnuPG and maven-gpg-plugin, this change is necessary for signing/releasing to work, I think that we should merge this patch as is. I don't see a use-case where someone would be able to use the standard socket. We should, perhaps, warn/error in the presence of an old GnuPG.
I also checked the released issues in maven-gpg-plugin 3.1.0 (the latest release), and I see no mention of socket use or `--pinentry-mode error`. I think that we should upgrade to the latest version of the maven-gpg-plugin, but that can be a separate issue.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1307367720
Ah, OK, no problem.
+1.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1222602355
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 48s | Docker mode activated. |
| -0 :warning: | yetus | 0m 2s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 12s | Maven dependency ordering for branch |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 5s | Maven dependency ordering for patch |
||| _ Other Tests _ |
| | | 3m 5s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | |
| uname | Linux b961630d4d1e 5.4.0-122-generic #138-Ubuntu SMP Wed Jun 22 15:00:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 00a719e76f |
| Max. process+thread count | 36 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on a diff in pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on code in PR #4716:
URL: https://github.com/apache/hbase/pull/4716#discussion_r951652623
##########
dev-support/create-release/README.txt:
##########
@@ -105,6 +105,9 @@ $ scp ~/gpg.example.apache.pub example.gce.host:
# gpg-agent's extra socket (this will restrict what commands the remote node is allowed to have
# your agent handle. Note that the gpg guide above can help you set this up in your ssh config
# rather than typing it in ssh like this every time.
+# Note that as of maven-gpg-plugin, with gnupg >= 2.1, the plugin uses `--pinentry-mode error`,
Review Comment:
this should have been "as of maven-gpg-plugin 3.0.1"
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1284839971
Any progress here? @ndimiduk
With HBASE-25983, we are ready to move the release process to jdk11. And for HBASE-27359, we also need to change the release scripts to generate different artifacts for hadoop2 and hadoop3.
Can we land the improvements to the release scripts here now and start the above works?
Thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1285376347
> I've not attempted release candidates anytime recently, so the status here is not changed. There's a couple reviewer questions about the wisdom of exposing the socket with elevated privileges. The changes here that allowed me to proceed may not make sense for other environments. For example, if someone is building an RC on a 3PC, they may not want the full privileged socket exposed to the remote environment. However, I don't know if any of our release managers are building on "untrusted" hardware.
I think we could introduce a flag to control the behavior? i.e, mounting agent-socket or agent-extra-socket, and we could still make the default to mount agent-extra-socket, which is the same with the current behavior.
Anyway, if this is not to be landed in the new future, I will try to land other improvements first.
Thanks @ndimiduk !
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1233101325
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 23s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 14s | Maven dependency ordering for branch |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 4s | Maven dependency ordering for patch |
||| _ Other Tests _ |
| | | 2m 46s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | |
| uname | Linux 17d96a9503af 5.4.0-1081-aws #88~18.04.1-Ubuntu SMP Thu Jun 23 16:29:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 10d85f3161 |
| Max. process+thread count | 30 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/2/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1224209423
> I also changed the script locally to use `agent-socket` instead of `agent-extra-socket` but probably this is just a different usage.
>
> I own the build machine so I can put the private key on the machine. But IIRC, what @busbey suggested in the past, is to use agent forwarding so you do not need to put your private key on the build machine. See here
>
> https://wiki.gnupg.org/AgentForwarding
>
> So maybe we could make this configurable? By default we will use local key, but with a special command line argument we could still use the extra socket.
>
> Thanks.
When local machine (host) runs Linux, I believe that the script mounts the local `~/.gnupg` directly into the container, so no agent forwarding is used. In this case, I think the default behavior is for `gpg` to communicate with `gpg-agent` over `agent-socket`.
When local machine (host) in MacOS (and presumably also when running Windows), the docker daemon is running inside of a VM (guest), so we have to do this agent-forwarding thing. The suggestion is to use the restricted socket, `agent-extra-socket`, when forwarding. However, we're forwarding to a VM running locally, so I think it's no real security concern.
When local machine is not the build machine, like a build machine (linux) running in public cloud, you should probably just forward the `agent-extra-socket` to the remote host. The build host mounts that socket directly into the docker container, and so it probably fails in the same way as the MacOS version.
So in all cases there's a gpg-agent involved.
I suppose yes, we could add a configuration option, something like `--gnupg-proveledged-socket`, defaults to `false. When `false, it would forward the `agent-extra-socket`. When `true`, it would forward `agent-socket`. Our "dumb" instruction are, try the default first, and if that fails due to permission issue, use `--gnupg-proveledged-socket=true`.
WDYT?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1295258678
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 39s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 14s | Maven dependency ordering for branch |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 3s | Maven dependency ordering for patch |
||| _ Other Tests _ |
| | | 1m 36s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4716 |
| Optional Tests | |
| uname | Linux db80b79bd49d 5.4.0-1088-aws #96~18.04.1-Ubuntu SMP Mon Oct 17 02:57:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / cdabfd3ca8 |
| Max. process+thread count | 33 (vs. ulimit of 30000) |
| modules | C: U: |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4716/1/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on PR #4716:
URL: https://github.com/apache/hbase/pull/4716#issuecomment-1307327959
@Apache9
> What do you mean by 'standard socket'?
The best summary description that I've found of the various gpg-agent sockets is https://unix.stackexchange.com/a/605639. It refers to entries in the Arch Linux wiki, so it may not be authoritative.
> I'm not an expert here, for me, I always need to change the extra-socket to socket when using the scripts locally on an ubuntu 22.04 machine...
Yes, this is my point -- since we upgraded to this combination of gpg and maven-gpg-plugin, builds require use of the `extra` socket. This is why I think that we should merge this patch as is, without adding extract flags to enable the user to select which socket is used.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org