You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@flink.apache.org by Fabian Hueske <fh...@gmail.com> on 2018/10/01 09:59:13 UTC

Re: flink-1.6.1-bin-scala_2.11.tgz fails signture and hash verification

Hi Gianluca,

I tried to validate the issue but hash and signature are OK for me.

Do you remember which mirror you used to download the binaries?

Best, Fabian


Am Sa., 29. Sep. 2018 um 17:24 Uhr schrieb vino yang <yanghua1127@gmail.com
>:

> Hi Gianluca,
>
> This is very strange, Till may be able to give an explanation, because it
> is the release manager of this version.
>
> Thanks, vino.
>
> Gianluca Ortelli <gi...@mediadistillery.com> 于2018年9月28日周五 下午4:02写道：
>
>> Hi,
>>
>> I just downloaded flink-1.6.1-bin-scala_2.11.tgz from
>> https://flink.apache.org/downloads.html and noticed that it fails
>> signature verification with a
>>
>> gpg: BAD signature from "Till Rohrmann (stsffap) <tr...@apache.org>"
>>
>> message. The sha512 hash doesn't match either.
>>
>> I switched to 1.6.0, which verifies OK.
>>
>> Best regards,
>> Gianluca
>>
>

Re: flink-1.6.1-bin-scala_2.11.tgz fails signture and hash verification

Posted by Till Rohrmann <tr...@apache.org>.

This is unfortunately the realm of the ASF over which we don't have direct
control. We could think about filing an INFRA JIRA ticket to report this
problem (if it can be backtracked).

On Mon, Oct 1, 2018 at 2:42 PM Gianluca Ortelli <
gianluca@mediadistillery.com> wrote:

> Hi Till,
>
> I also believe that it's a problem with a single mirror. It was not a
> blocking problem for me; I just wanted you to be aware of it, in case you
> have some policy regarding the management of mirrors.
>
> Best,
> Gianluca
>
>
> On Mon, 1 Oct 2018 at 14:27, Till Rohrmann <tr...@apache.org> wrote:
>
>> Hi Gianluca,
>>
>> I've downloaded flink-1.6.1-bin-scala_2.11.tgz from here [1] and verified
>> that the shasum512 and the signature are both correct.
>>
>> The only way I could explain this is that either your downloaded
>> artifacts or the mirror you got the binaries from got corrupted.
>>
>> [1] https://dist.apache.org/repos/dist/release/flink/flink-1.6.1/
>>
>> Cheers,
>> Till
>>
>> On Mon, Oct 1, 2018 at 12:07 PM Gianluca Ortelli <
>> gianluca@mediadistillery.com> wrote:
>>
>>> Hi Fabian,
>>>
>>> the mirror is
>>> https://www.apache.org/dyn/closer.lua/flink/flink-1.6.1/flink-1.6.1-bin-scala_2.11.tgz
>>>
>>> I just tried a download and the hash is still wrong: it should be
>>>
>>>
>>> d0153bad859e3c2da7e73299837f95670279b3102a0982809f56eb61875908a10120e82bc2dca59972e912c0221cbbfd01f4cd1128a92dd37358e28fe1f76f2f
>>>
>>> but instead it's
>>>
>>>
>>> 9b4ceb7ad59df27ea4c12d15845165dcf64675a26161d502d399234ae237f40f719ab6da4fac7ba210a20aa82364b5ac0377b06a1324e21516198b7a23b5d19c
>>>
>>> Best regards,
>>> Gianluca
>>>
>>>
>>> On Mon, 1 Oct 2018 at 11:59, Fabian Hueske <fh...@gmail.com> wrote:
>>>
>>>> Hi Gianluca,
>>>>
>>>> I tried to validate the issue but hash and signature are OK for me.
>>>>
>>>> Do you remember which mirror you used to download the binaries?
>>>>
>>>> Best, Fabian
>>>>
>>>>
>>>> Am Sa., 29. Sep. 2018 um 17:24 Uhr schrieb vino yang <
>>>> yanghua1127@gmail.com>:
>>>>
>>>>> Hi Gianluca,
>>>>>
>>>>> This is very strange, Till may be able to give an explanation, because
>>>>> it is the release manager of this version.
>>>>>
>>>>> Thanks, vino.
>>>>>
>>>>> Gianluca Ortelli <gi...@mediadistillery.com> 于2018年9月28日周五
>>>>> 下午4:02写道：
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I just downloaded flink-1.6.1-bin-scala_2.11.tgz from
>>>>>> https://flink.apache.org/downloads.html and noticed that it fails
>>>>>> signature verification with a
>>>>>>
>>>>>> gpg: BAD signature from "Till Rohrmann (stsffap) <
>>>>>> trohrmann@apache.org>"
>>>>>>
>>>>>> message. The sha512 hash doesn't match either.
>>>>>>
>>>>>> I switched to 1.6.0, which verifies OK.
>>>>>>
>>>>>> Best regards,
>>>>>> Gianluca
>>>>>>
>>>>>

Re: flink-1.6.1-bin-scala_2.11.tgz fails signture and hash verification

Posted by Gianluca Ortelli <gi...@mediadistillery.com>.

Hi Till,

I also believe that it's a problem with a single mirror. It was not a
blocking problem for me; I just wanted you to be aware of it, in case you
have some policy regarding the management of mirrors.

Best,
Gianluca


On Mon, 1 Oct 2018 at 14:27, Till Rohrmann <tr...@apache.org> wrote:

> Hi Gianluca,
>
> I've downloaded flink-1.6.1-bin-scala_2.11.tgz from here [1] and verified
> that the shasum512 and the signature are both correct.
>
> The only way I could explain this is that either your downloaded artifacts
> or the mirror you got the binaries from got corrupted.
>
> [1] https://dist.apache.org/repos/dist/release/flink/flink-1.6.1/
>
> Cheers,
> Till
>
> On Mon, Oct 1, 2018 at 12:07 PM Gianluca Ortelli <
> gianluca@mediadistillery.com> wrote:
>
>> Hi Fabian,
>>
>> the mirror is
>> https://www.apache.org/dyn/closer.lua/flink/flink-1.6.1/flink-1.6.1-bin-scala_2.11.tgz
>>
>> I just tried a download and the hash is still wrong: it should be
>>
>>
>> d0153bad859e3c2da7e73299837f95670279b3102a0982809f56eb61875908a10120e82bc2dca59972e912c0221cbbfd01f4cd1128a92dd37358e28fe1f76f2f
>>
>> but instead it's
>>
>>
>> 9b4ceb7ad59df27ea4c12d15845165dcf64675a26161d502d399234ae237f40f719ab6da4fac7ba210a20aa82364b5ac0377b06a1324e21516198b7a23b5d19c
>>
>> Best regards,
>> Gianluca
>>
>>
>> On Mon, 1 Oct 2018 at 11:59, Fabian Hueske <fh...@gmail.com> wrote:
>>
>>> Hi Gianluca,
>>>
>>> I tried to validate the issue but hash and signature are OK for me.
>>>
>>> Do you remember which mirror you used to download the binaries?
>>>
>>> Best, Fabian
>>>
>>>
>>> Am Sa., 29. Sep. 2018 um 17:24 Uhr schrieb vino yang <
>>> yanghua1127@gmail.com>:
>>>
>>>> Hi Gianluca,
>>>>
>>>> This is very strange, Till may be able to give an explanation, because
>>>> it is the release manager of this version.
>>>>
>>>> Thanks, vino.
>>>>
>>>> Gianluca Ortelli <gi...@mediadistillery.com> 于2018年9月28日周五 下午4:02写道：
>>>>
>>>>> Hi,
>>>>>
>>>>> I just downloaded flink-1.6.1-bin-scala_2.11.tgz from
>>>>> https://flink.apache.org/downloads.html and noticed that it fails
>>>>> signature verification with a
>>>>>
>>>>> gpg: BAD signature from "Till Rohrmann (stsffap) <trohrmann@apache.org
>>>>> >"
>>>>>
>>>>> message. The sha512 hash doesn't match either.
>>>>>
>>>>> I switched to 1.6.0, which verifies OK.
>>>>>
>>>>> Best regards,
>>>>> Gianluca
>>>>>
>>>>

Re: flink-1.6.1-bin-scala_2.11.tgz fails signture and hash verification

Posted by Till Rohrmann <tr...@apache.org>.

Hi Gianluca,

I've downloaded flink-1.6.1-bin-scala_2.11.tgz from here [1] and verified
that the shasum512 and the signature are both correct.

The only way I could explain this is that either your downloaded artifacts
or the mirror you got the binaries from got corrupted.

[1] https://dist.apache.org/repos/dist/release/flink/flink-1.6.1/

Cheers,
Till

On Mon, Oct 1, 2018 at 12:07 PM Gianluca Ortelli <
gianluca@mediadistillery.com> wrote:

> Hi Fabian,
>
> the mirror is
> https://www.apache.org/dyn/closer.lua/flink/flink-1.6.1/flink-1.6.1-bin-scala_2.11.tgz
>
> I just tried a download and the hash is still wrong: it should be
>
>
> d0153bad859e3c2da7e73299837f95670279b3102a0982809f56eb61875908a10120e82bc2dca59972e912c0221cbbfd01f4cd1128a92dd37358e28fe1f76f2f
>
> but instead it's
>
>
> 9b4ceb7ad59df27ea4c12d15845165dcf64675a26161d502d399234ae237f40f719ab6da4fac7ba210a20aa82364b5ac0377b06a1324e21516198b7a23b5d19c
>
> Best regards,
> Gianluca
>
>
> On Mon, 1 Oct 2018 at 11:59, Fabian Hueske <fh...@gmail.com> wrote:
>
>> Hi Gianluca,
>>
>> I tried to validate the issue but hash and signature are OK for me.
>>
>> Do you remember which mirror you used to download the binaries?
>>
>> Best, Fabian
>>
>>
>> Am Sa., 29. Sep. 2018 um 17:24 Uhr schrieb vino yang <
>> yanghua1127@gmail.com>:
>>
>>> Hi Gianluca,
>>>
>>> This is very strange, Till may be able to give an explanation, because
>>> it is the release manager of this version.
>>>
>>> Thanks, vino.
>>>
>>> Gianluca Ortelli <gi...@mediadistillery.com> 于2018年9月28日周五 下午4:02写道：
>>>
>>>> Hi,
>>>>
>>>> I just downloaded flink-1.6.1-bin-scala_2.11.tgz from
>>>> https://flink.apache.org/downloads.html and noticed that it fails
>>>> signature verification with a
>>>>
>>>> gpg: BAD signature from "Till Rohrmann (stsffap) <trohrmann@apache.org
>>>> >"
>>>>
>>>> message. The sha512 hash doesn't match either.
>>>>
>>>> I switched to 1.6.0, which verifies OK.
>>>>
>>>> Best regards,
>>>> Gianluca
>>>>
>>>

Re: flink-1.6.1-bin-scala_2.11.tgz fails signture and hash verification

Posted by Gianluca Ortelli <gi...@mediadistillery.com>.

Hi Fabian,

the mirror is
https://www.apache.org/dyn/closer.lua/flink/flink-1.6.1/flink-1.6.1-bin-scala_2.11.tgz

I just tried a download and the hash is still wrong: it should be

d0153bad859e3c2da7e73299837f95670279b3102a0982809f56eb61875908a10120e82bc2dca59972e912c0221cbbfd01f4cd1128a92dd37358e28fe1f76f2f

but instead it's

9b4ceb7ad59df27ea4c12d15845165dcf64675a26161d502d399234ae237f40f719ab6da4fac7ba210a20aa82364b5ac0377b06a1324e21516198b7a23b5d19c

Best regards,
Gianluca


On Mon, 1 Oct 2018 at 11:59, Fabian Hueske <fh...@gmail.com> wrote:

> Hi Gianluca,
>
> I tried to validate the issue but hash and signature are OK for me.
>
> Do you remember which mirror you used to download the binaries?
>
> Best, Fabian
>
>
> Am Sa., 29. Sep. 2018 um 17:24 Uhr schrieb vino yang <
> yanghua1127@gmail.com>:
>
>> Hi Gianluca,
>>
>> This is very strange, Till may be able to give an explanation, because it
>> is the release manager of this version.
>>
>> Thanks, vino.
>>
>> Gianluca Ortelli <gi...@mediadistillery.com> 于2018年9月28日周五 下午4:02写道：
>>
>>> Hi,
>>>
>>> I just downloaded flink-1.6.1-bin-scala_2.11.tgz from
>>> https://flink.apache.org/downloads.html and noticed that it fails
>>> signature verification with a
>>>
>>> gpg: BAD signature from "Till Rohrmann (stsffap) <tr...@apache.org>"
>>>
>>> message. The sha512 hash doesn't match either.
>>>
>>> I switched to 1.6.0, which verifies OK.
>>>
>>> Best regards,
>>> Gianluca
>>>
>>