incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luciano Resende <luckbr1...@gmail.com>
Subject Re: [VOTE] Apache Toree (incubating) 0.1.0-rc6 as 0.1.0
Date Mon, 27 Mar 2017 02:43:07 GMT
On Fri, Mar 24, 2017 at 4:18 PM, Katherine Marsden <kmarsden@apache.org>
wrote:

> On 2/21/17 12:13 PM, Chip Senkbeil wrote:
>
>> Please vote on releasing the following candidate as Apache Toree
>> (incubating) version 0.1.0.
>>
>
> I have a question about checksums and really about the validation script
> in the release: etc/tools/verify-release. Should I be concerned about the
> below or is it (likely) user error?
>
>
>
> If I run the script I get failures:
>
> $ ./etc/tools/verify-release  *.gz
> ERROR: SHA checksum of /Users/kmarsden/Documents/proj
> ects/toree/apache-toree-0.1.0-incubating-source-release.tar.gz does not
> match!
> ERROR: MD5 checksum of /Users/kmarsden/Documents/proj
> ects/toree/apache-toree-0.1.0-incubating-source-release.tar.gz does not
> match!
> Signature And Checksum Audit:
> /Users/kmarsden/Documents/projects/toree/apache-toree-0.1.0-
> incubating-source-release.tar.gz
>         ✓ apache-toree-0.1.0-incubating-source-release.tar.gz.asc
>         x apache-toree-0.1.0-incubating-source-release.tar.gz.sha
>         x apache-toree-0.1.0-incubating-source-release.tar.gz.md5
>
>
>
> When I check the checksums manually they match except of course the path
> reported is different and have not investigated but am guessing it is the
> different path that is the reason for the failure of the script.
>
> $ gpg --print-md SHA512 *.gz
>
> toree-0.1.0-incubating-source-release.tar.gz:
> B704A508 BD9A4CB7 CBF2BE0B C08E11D3 3A0FA9D5 691F7BBB B0610706 D17B7FB1
> 50183A79
>  1DF9BE06 63E2E777 90F04764 71DC1D3C EE2C6268 2B4DCA8E 0EB06ED9
>
>
> $ cat *.sha
> /home/senkwich/projects/work/incubator-toree/dist/toree-src/
> apache-toree-0.1.0-incubating-source-release.tar.gz:
> B704A508 BD9A4CB7 CBF2BE0B C08E11D3 3A0FA9D5 691F7BBB B0610706 D17B7FB1
> 50183A79
>  1DF9BE06 63E2E777 90F04764 71DC1D3C EE2C6268 2B4DCA8E 0EB06ED9
>
>
> $ gpg --print-md MD5 *.gz
> apache-toree-0.1.0-incubating-source-release.tar.gz:
> CC 71 8A 4B 92 B1 41 6B  A7 12 4B 2B 58 B8 00 49
>
> $ cat *.md5
> /home/senkwich/projects/work/incubator-toree/dist/toree-src/
> apache-toree-0.1.0-incubating-source-release.tar.gz:
> CC 71 8A 4B 92 B1 41 6B  A7 12 4B 2B 58 B8 00 49
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>


Thanks Katherine for helping with the release candidate review. I have not
used any distribution specific files for validating the release, but when
you do the validation with gpg for example, it seems to be ok :

gpg --verify apache-toree-0.1.0-incubating-binary-release.tar.gz.asc
apache-toree-0.1.0-incubating-binary-release.tar.gz
gpg: Signature made Thu Feb 16 08:53:58 2017 PST using RSA key ID 8E3B4BBA
gpg: Good signature from "Robert "Chip" Senkbeil (COMMON KEY) <
chip.senkbeil@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.

Primary key fingerprint: B063 F4E6 023E 4CB6 7372  45AB 4282 790F 8E3B 4BBA

or for md5

$ md5 apache-toree-0.1.0-incubating-binary-release.tar.gz
MD5 (apache-toree-0.1.0-incubating-binary-release.tar.gz) =
7363ea5b8a366cb965b29ed9fd25c196

$ more apache-toree-0.1.0-incubating-binary-release.tar.gz.md5
/home/senkwich/projects/work/incubator-toree/dist/toree-bin/apache-toree-0.1.0-incubating-binary-release.tar.gz:

73 63 EA 5B 8A 36 6C B9  65 B2 9E D9 FD 25 C1 96

So I believe they are ok, and the script might be an inprogress tool from
the RM.

-- 
Luciano Resende
http://twitter.com/lresende1975
http://lresende.blogspot.com/

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message