You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@arrow.apache.org by pa...@apache.org on 2023/06/19 13:30:09 UTC
[arrow-nanoarrow] branch main updated: chore: Allow skipping key verification on centos7 (#240)
This is an automated email from the ASF dual-hosted git repository.
paleolimbot pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-nanoarrow.git
The following commit(s) were added to refs/heads/main by this push:
new 4c5b247 chore: Allow skipping key verification on centos7 (#240)
4c5b247 is described below
commit 4c5b2476d69027bd66af933b8c3199587b68f5b0
Author: Dewey Dunnington <de...@dunnington.ca>
AuthorDate: Mon Jun 19 10:30:03 2023 -0300
chore: Allow skipping key verification on centos7 (#240)
...because something about the gpg version on centos7 is too old (
https://github.com/apache/arrow-nanoarrow/actions/runs/5293770871/jobs/9582325801#step:4:337
).
---
.github/workflows/verify.yaml | 6 +++++-
dev/release/README.md | 5 +++++
dev/release/verify-release-candidate.sh | 11 ++++++++++-
3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml
index c3dcd5e..7fe3150 100644
--- a/.github/workflows/verify.yaml
+++ b/.github/workflows/verify.yaml
@@ -147,7 +147,11 @@ jobs:
- {platform: "fedora", arch: "amd64"}
- {platform: "archlinux", arch: "amd64"}
- {platform: "alpine", arch: "amd64"}
- - {platform: "centos7", arch: "amd64"}
+ - {
+ platform: "centos7",
+ arch: "amd64",
+ compose_args: "-e NANOARROW_ACCEPT_IMPORT_GPG_KEYS_ERROR=1"
+ }
- {
platform: "ubuntu",
arch: "amd64",
diff --git a/dev/release/README.md b/dev/release/README.md
index 71ea076..cf92e7b 100644
--- a/dev/release/README.md
+++ b/dev/release/README.md
@@ -235,6 +235,11 @@ curl -L https://github.com/apache/arrow/archive/refs/tags/apache-arrow-9.0.0.tar
export NANOARROW_CMAKE_OPTIONS="-DArrow_DIR=$(pwd)/arrow/lib/cmake/Arrow"
export CMAKE_BIN=cmake3
export CTEST_BIN=ctest3
+
+# gpg on centos7 errors for some keys in the Arrow KEYS file. This does
+# not skip verifying signatures, just allows errors for unsupported entries in
+# the global Arrow KEYS file.
+export NANOARROW_ACCEPT_IMPORT_GPG_KEYS_ERROR=1
```
### Big endian
diff --git a/dev/release/verify-release-candidate.sh b/dev/release/verify-release-candidate.sh
index d513cf0..321100f 100755
--- a/dev/release/verify-release-candidate.sh
+++ b/dev/release/verify-release-candidate.sh
@@ -31,6 +31,10 @@
# If unset, the script will check out a version into NANOARROW_TMPDIR.
# - NANOARROW_TMPDIR: Use to specify a persistent directory such that verification
# results are more easily retrieved.
+# - NANOARROW_ACCEPT_IMPORT_GPG_KEYS_ERROR: Don't stop verification even when
+# "gpg --import KEYS" returns an error. In general, we should not use this
+# to ensure importing all GPG keys. But newer algorithms such as ed25519 may
+# not be supported in old GPG such as GPG on CentOS 7.
# - TEST_SOURCE: Set to 0 to selectively run component verification.
# - TEST_C: Builds C libraries and tests using the default CMake
# configuration. Defaults to the value of TEST_SOURCE.
@@ -114,7 +118,12 @@ import_gpg_keys() {
return 0
fi
download_dist_file KEYS
- gpg --import KEYS
+
+ if [ "${NANOARROW_ACCEPT_IMPORT_GPG_KEYS_ERROR:-0}" -gt 0 ]; then
+ gpg --import KEYS || true
+ else
+ gpg --import KEYS
+ fi
GPGKEYS_ALREADY_IMPORTED=1
}