HBASE-24572 release scripts should try to use a keyid when refering to GPG keys. #2001

busbey · 2020-06-30T05:00:52Z

first pass at turning a given gpg key name into a key id during release info gathering.

…o GPG keys.

ndimiduk · 2020-07-02T21:57:15Z

So it makes a guess, but that guess is not correct in my case. I want it to use the dedicated signing key (0xAD9039071C3489BD), not the key of the master keyring.

$ gpg -K
/Users/ndimiduk/.gnupg/pubring.kbx
----------------------------------
sec#  rsa4096/0xCA3633F18644EEB6 2014-03-11 [SC] [expires: 2024-06-12]
      Key fingerprint = 3A74 917C 0C45 844F B816  BB4A CA36 33F1 8644 EEB6
uid                   [ultimate] Nick Dimiduk <[email protected]>
uid                   [ultimate] Nick Dimiduk <[email protected]>
ssb#  rsa4096/0xB44B40F2D2DCE494 2014-03-11 [E] [expires: 2022-06-12]
ssb>  rsa4096/0xAD9039071C3489BD 2015-04-30 [S] [expires: 2022-06-12]
ssb>  rsa4096/0x2FD7719BB28DF80C 2020-06-15 [A] [expires: 2021-06-15]
$ ./dev-support/create-release/do-release-docker.sh -d ~/build-rc2-1 -f
========================
=== Gathering release details.
...
GPG_KEY [[email protected]]: 
We think the key '[email protected]' corresponds to the key id '0x1C3489BD'. Is this correct [y/n?

ndimiduk · 2020-07-02T21:58:20Z

dev-support/create-release/release-util.sh

+      [ -z "${GPG_KEY_ID}" ] ; then
+    GPG_KEY_ID=$("${GPG}" "${GPG_ARGS[@]}" --keyid-format 0xshort --list-public-key "${GPG_KEY}" | head -n 1 | grep -o "0x[0-9A-F]*" || true)
+  fi
+  read -r -p "We think the key '${GPG_KEY}' corresponds to the key id '${GPG_KEY_ID}'. Is this correct [y/n? " ANSWER


missing closing brace on [y/n?

ndimiduk · 2020-07-02T22:12:33Z

What am I saying, it has chosen the key I intended. 0xAD9039071C3489BD is 0x1C3489BD How does that work?

busbey · 2020-07-02T22:26:58Z

the former is the 0xlong key id and the latter is the 0xshort key id. if you gave the 0xlong key id in the get_release_info prompt then saying "n" to the guess will have the rest of the tooling use the version you gave. (and the confirmation prompt for the release info should reflect that)

Apache-HBase · 2020-07-02T22:37:18Z

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 37s	Docker mode activated.
-0 ⚠️	yetus	0m 3s	Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
		_ Prechecks _
		_ master Compile Tests _
+0 🆗	mvndep	0m 22s	Maven dependency ordering for branch
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 8s	Maven dependency ordering for patch
		_ Other Tests _
		1m 50s

Subsystem	Report/Notes
Docker	Client=19.03.12 Server=19.03.12 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-2001/2/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR	#2001
Optional Tests
uname	Linux b5c3aa45e34c 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / `e614b89`
Max. process+thread count	52 (vs. ulimit of 12500)
modules	C: U:
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-2001/2/console
versions	git=2.17.1 maven=(cecedd343002696d0abb50b32b541b8a6ba2883f)
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org