www-infrastructure-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (Issue Comment Edited) (JIRA)" <j...@apache.org>
Subject [jira] [Issue Comment Edited] (INFRA-4079) maven "staging signature violation"
Date Wed, 02 Nov 2011 19:41:32 GMT

    [ https://issues.apache.org/jira/browse/INFRA-4079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13142447#comment-13142447
] 

Brian Demers edited comment on INFRA-4079 at 11/2/11 7:40 PM:
--------------------------------------------------------------

I'm not sure here, I'd need to dig a bit more.  But, on the surface it looks like you signed
it with a different key.

Here are some examples of a couple files I did some quick checking on.  Yours (the top one)
is an RSA key (though that should not matter)
The key ids are in bold.

https://repository.apache.org/service/local/repositories/orgapachemrunit-136/content/org/apache/mrunit/mrunit/0.5.0-incubating/mrunit-0.5.0-incubating.pom.asc
publicKey:

	Key:	-1429160167159037067 *ec2a9a6665590375*
	Signature Type:	0
	Version:		3
	Key Algorithm:	RSA_GENERAL
	HashAlgorithm:	SHA1
	Creation Time:	Tue Nov 01 16:58:58 EDT 2011
Signature contains no Unhashed Sub Packets

com.sonatype.mercury.plexus.pgp.PgpVerifierNoKeyException: No key found for id: ec2a9a6665590375,
http results: ec2a9a6665590375@http://pgp.mit.edu:11371/ : Failed (HTTP response code=500

Here are some examples

https://repository.apache.org/content/repositories/orgapachejames-135/org/apache/james/james-project/1.7/james-project-1.7.pom.asc
publicKey:

	Key:	-2713888232105531279 *da5655081d3ca871*
	Signature Type:	0
	Version:		4
	Key Algorithm:	DSA
	HashAlgorithm:	SHA1
	Creation Time:	Tue Nov 01 10:41:50 EDT 2011
	Issuer Id:	-2713888232105531279 da5655081d3ca871
	Signer User Id:	null
	
https://repository.apache.org/content/repositories/releases/org/apache/maven/indexer/indexer-core/3.1.0/indexer-core-3.1.0.pom.asc
publicKey:

	Key:	5933621922531918186 *525875b36bfc416a*
	Signature Type:	0
	Version:		4
	Key Algorithm:	DSA
	HashAlgorithm:	SHA1
	Creation Time:	Tue Nov 23 13:37:20 EST 2010
	Issuer Id:	5933621922531918186 525875b36bfc416a
	Signer User Id:	null


Any thoughts ?
                
      was (Author: bdemers):
    I'm not sure here, I'd need to dig a bit more.  But, on the surface it looks like you
signed it with a different key.

Here are some examples of a couple files I did some quick checking on.  Yours (the top one)
is an RSA key (though that should not matter)
The key ids are in bold.

https://repository.apache.org/service/local/repositories/orgapachemrunit-136/content/org/apache/mrunit/mrunit/0.5.0-incubating/mrunit-0.5.0-incubating.pom.asc
publicKey:

	Key:	-1429160167159037067 *ec2a9a6665590375*
	Signature Type:	0
	Version:		3
	Key Algorithm:	RSA_GENERAL
	HashAlgorithm:	SHA1
	Creation Time:	Tue Nov 01 16:58:58 EDT 2011
Signature contains no Unhashed Sub Packets

com.sonatype.mercury.plexus.pgp.PgpVerifierNoKeyException: No key found for id: ec2a9a6665590375,
http results: ec2a9a6665590375@http://pgp.mit.edu:11371/ : Failed (HTTP response code=500

Here are some examples

https://repository.apache.org/content/repositories/orgapachejames-135/org/apache/james/james-project/1.7/james-project-1.7.pom.asc
publicKey:

	Key:	-2713888232105531279 *da5655081d3ca871*
	Signature Type:	0
	Version:		4
	Key Algorithm:	DSA
	HashAlgorithm:	SHA1
	Creation Time:	Tue Nov 01 10:41:50 EDT 2011
	Issuer Id:	-2713888232105531279 da5655081d3ca871
	Signer User Id:	null
	
https://repository.apache.org/content/repositories/releases/org/apache/maven/indexer/indexer-core/3.1.0/indexer-core-3.1.0.pom.asc
publicKey:

	Key:	5933621922531918186 *525875b36bfc416a*
	Signature Type:	0
	Version:		4
	Key Algorithm:	DSA
	HashAlgorithm:	SHA1
	Creation Time:	Tue Nov 23 13:37:20 EST 2010
	Issuer Id:	5933621922531918186 525875b36bfc416a
	Signer User Id:	null
                  
> maven "staging signature violation"
> -----------------------------------
>
>                 Key: INFRA-4079
>                 URL: https://issues.apache.org/jira/browse/INFRA-4079
>             Project: Infrastructure
>          Issue Type: Task
>      Security Level: public(Regular issues) 
>          Components: Nexus
>            Reporter: Brock Noland
>            Assignee: Brian Demers
>         Attachments: Screen shot 2011-11-01 at 4.51.50 PM.png
>
>
> I am trying to "close" a staging repository and I am getting a "staging signature violation"
saying it could not find my key in the public key repos. however, as far as I am aware my
key is there:
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xD516439AC89424B3
> I am sure this is my fault, but I am not sure how.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message