Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Drill, mail # dev - Call for Release Vote: Apache Drill Milestone 1 Release (a.k.a Alpha)


Copy link to this message
-
Re: Call for Release Vote: Apache Drill Milestone 1 Release (a.k.a Alpha)
Jacques Nadeau 2013-09-04, 21:00
That's what I get for manually renaming the artifacts to post them.
On Wed, Sep 4, 2013 at 12:49 PM, Ted Dunning <[EMAIL PROTECTED]> wrote:

> I have verified the signatures.
>
> One small nit is that the file names are slightly odd:
>
> ted:Downloads$ ls apache*src*
> apache-drill-1.0.0-m1-src.tar.gz apache-drill-1.0.0-m1.src.tar.gz.asc
>
>
> Note how the signature has m1.src instead of m1-src
>
> For reference, here is a transcript of how I verified the signatures:
>
> # install gpg
> ted:Downloads$ sudo port install gnupg
> Password: ***
> Warning: port definitions are more than two weeks old, consider using
> selfupdate
> --->  Fetching archive for ncurses
>
>       ... *much noise deleted* ...
>
> --->  Attempting to fetch gnupg-1.4.13_1.darwin_11.x86_64.tbz2 from
> http://mse.uk.packages.macports.org/sites/packages.macports.org/gnupg
> --->  Attempting to fetch gnupg-1.4.13_1.darwin_11.x86_64.tbz2 from
> http://lil.fr.packages.macports.org/gnupg
>
>       ... *even more noise deleted* ...
>
> --->  Activating gnupg @1.4.13_1
> --->  Cleaning gnupg
> --->  Updating database of binaries: 100.0%
> --->  Scanning binaries for linking errors: 100.0%
> --->  No broken files found.
>
> # import the committer KEYS
> ted:Downloads$ gpg --import ~/tmp/drill/KEYS
> gpg: key AB10D143: public key "Jacques Nadeau <[EMAIL PROTECTED]>"
> imported
> gpg: Total number processed: 1
> gpg:               imported: 1  (RSA: 1)
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: next trustdb check due at 2016-05-03
>
> # verify the signature on the binary distro
> ted:Downloads$ gpg --verify apache-drill-1.0.0-m1-bin.tar.gz.asc
>  apache-drill-1.0.0-m1-bin.tar.gz
> gpg: Signature made Wed Sep  4 04:23:37 2013 PDT using RSA key ID 6B5FA695
> gpg: Good signature from "Jacques Nadeau <[EMAIL PROTECTED]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: BA97 595F EA79 095C AC43  C07E DF2B E030 AB10 D143
>      Subkey fingerprint: 2A4A FF9C 7531 2FB4 0116  62A4 C2C6 022A 6B5F A695
>
> # test our procedure by corrupting the file and verifying gpg warns us
> ted:Downloads$ echo -n foo >> apache-drill-1.0.0-m1-bin.tar.gz
> ted:Downloads$ gpg --verify apache-drill-1.0.0-m1-bin.tar.gz.asc
>  apache-drill-1.0.0-m1-bin.tar.gz gpg: Signature made Wed Sep  4 04:23:37
> 2013 PDT using RSA key ID 6B5FA695
> gpg: BAD signature from "Jacques Nadeau <[EMAIL PROTECTED]>"
>
> # verify source release
> ted:Downloads$ gpg --verify apache-drill-1.0.0-m1.src.tar.gz.asc
> apache-drill-1.0.0-m1-src.tar.gz
> gpg: Signature made Wed Sep  4 04:19:36 2013 PDT using RSA key ID 6B5FA695
> gpg: Good signature from "Jacques Nadeau <[EMAIL PROTECTED]>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: BA97 595F EA79 095C AC43  C07E DF2B E030 AB10 D143
>      Subkey fingerprint: 2A4A FF9C 7531 2FB4 0116  62A4 C2C6 022A 6B5F A695
> ted:Downloads$
>