On Fri, Mar 24, 2017 at 4:18 PM, Katherine Marsden <kmars...@apache.org> wrote:
> On 2/21/17 12:13 PM, Chip Senkbeil wrote: > >> Please vote on releasing the following candidate as Apache Toree >> (incubating) version 0.1.0. >> > > I have a question about checksums and really about the validation script > in the release: etc/tools/verify-release. Should I be concerned about the > below or is it (likely) user error? > > > > If I run the script I get failures: > > $ ./etc/tools/verify-release *.gz > ERROR: SHA checksum of /Users/kmarsden/Documents/proj > ects/toree/apache-toree-0.1.0-incubating-source-release.tar.gz does not > match! > ERROR: MD5 checksum of /Users/kmarsden/Documents/proj > ects/toree/apache-toree-0.1.0-incubating-source-release.tar.gz does not > match! > Signature And Checksum Audit: > /Users/kmarsden/Documents/projects/toree/apache-toree-0.1.0- > incubating-source-release.tar.gz > ✓ apache-toree-0.1.0-incubating-source-release.tar.gz.asc > x apache-toree-0.1.0-incubating-source-release.tar.gz.sha > x apache-toree-0.1.0-incubating-source-release.tar.gz.md5 > > > > When I check the checksums manually they match except of course the path > reported is different and have not investigated but am guessing it is the > different path that is the reason for the failure of the script. > > $ gpg --print-md SHA512 *.gz > > toree-0.1.0-incubating-source-release.tar.gz: > B704A508 BD9A4CB7 CBF2BE0B C08E11D3 3A0FA9D5 691F7BBB B0610706 D17B7FB1 > 50183A79 > 1DF9BE06 63E2E777 90F04764 71DC1D3C EE2C6268 2B4DCA8E 0EB06ED9 > > > $ cat *.sha > /home/senkwich/projects/work/incubator-toree/dist/toree-src/ > apache-toree-0.1.0-incubating-source-release.tar.gz: > B704A508 BD9A4CB7 CBF2BE0B C08E11D3 3A0FA9D5 691F7BBB B0610706 D17B7FB1 > 50183A79 > 1DF9BE06 63E2E777 90F04764 71DC1D3C EE2C6268 2B4DCA8E 0EB06ED9 > > > $ gpg --print-md MD5 *.gz > apache-toree-0.1.0-incubating-source-release.tar.gz: > CC 71 8A 4B 92 B1 41 6B A7 12 4B 2B 58 B8 00 49 > > $ cat *.md5 > /home/senkwich/projects/work/incubator-toree/dist/toree-src/ > apache-toree-0.1.0-incubating-source-release.tar.gz: > CC 71 8A 4B 92 B1 41 6B A7 12 4B 2B 58 B8 00 49 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > Thanks Katherine for helping with the release candidate review. I have not used any distribution specific files for validating the release, but when you do the validation with gpg for example, it seems to be ok : gpg --verify apache-toree-0.1.0-incubating-binary-release.tar.gz.asc apache-toree-0.1.0-incubating-binary-release.tar.gz gpg: Signature made Thu Feb 16 08:53:58 2017 PST using RSA key ID 8E3B4BBA gpg: Good signature from "Robert "Chip" Senkbeil (COMMON KEY) < chip.senkb...@gmail.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B063 F4E6 023E 4CB6 7372 45AB 4282 790F 8E3B 4BBA or for md5 $ md5 apache-toree-0.1.0-incubating-binary-release.tar.gz MD5 (apache-toree-0.1.0-incubating-binary-release.tar.gz) = 7363ea5b8a366cb965b29ed9fd25c196 $ more apache-toree-0.1.0-incubating-binary-release.tar.gz.md5 /home/senkwich/projects/work/incubator-toree/dist/toree-bin/apache-toree-0.1.0-incubating-binary-release.tar.gz: 73 63 EA 5B 8A 36 6C B9 65 B2 9E D9 FD 25 C1 96 So I believe they are ok, and the script might be an inprogress tool from the RM. -- Luciano Resende http://twitter.com/lresende1975 http://lresende.blogspot.com/
