Missing keys for checking an M2 repository

Description

In the past two days I have tried to run an m2 repo check.

For OpenSAML (mainline)

protobuf-java : 3.6.1 KeyId (0xB57BD58EF6D0A713) not found in keyring for com.google.protobuf
mysql-connector-java : 8.0.19 KeyId (0x8C718D3B5072E1F5) not found in keyring for mysql
postgresql : 42.2.10.jre7 KeyId (0x38F47D3E410C47B1) not found in keyring for org.postgresql

Idp (4.1.5)

The build was these two phrases

mvn -Dmaven.repo.local=$REPO -DgenerateBackupPoms=false -DnewVersion=4.1.5 -Pcentral-disabled versions:set
mvn -Dmaven.repo.local=$REPO -Pcentral-disabled,release clean verify

This was left uncheckable (and I suggest you look closely at some of the jars)

commons-cli : 1.2 KeyId (0x1241BC872C5E4EC0) not found in keyring for commons-cli
commons-collections : 3.2.1 KeyId (0x1861C322C56014B2) not found in keyring for commons-collections
stax-api : 1.0-2 No keyring for group javax.xml.stream
log4j : 1.2.12 No keyring for group log4j
maven-javadoc-plugin : 3.2.0 Could not find signature (group : net.shibboleth.maven.plugins)
doxia-core : 1.4 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-decoration-model : 1.4 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-logging-api : 1.4 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-logging-api : 1.7 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-module-fml : 1.4 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-module-xhtml : 1.4 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-sink-api : 1.4 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-sink-api : 1.7 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-site-renderer : 1.4 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
maven-antrun-plugin : 1.3 KeyId (0xA8AD2A7E9A25CE21) not found in keyring for org.apache.maven.plugins
maven-gpg-plugin : 1.6 KeyId (0x3B58205B9D7013A9) not found in keyring for org.apache.maven.plugins
maven-reporting-impl : 2.2 KeyId (0x33CD6733AF5EC452) not found in keyring for org.apache.maven.reporting
maven-common-artifact-filters : 1.4 KeyId (0x9C4F7E9D98B1CC53) not found in keyring for org.apache.maven.shared
wagon-file : 2.5 KeyId (0x8DC6F3D0ABDBD017) not found in keyring for org.apache.maven.wagon
wagon-provider-api : 2.5 KeyId (0x8DC6F3D0ABDBD017) not found in keyring for org.apache.maven.wagon
xbean-reflect : 3.4 KeyId (0xECDFEA3CB4493B94) not found in keyring for org.apache.xbean
versions-maven-plugin : 2.2 No keyring for group org.codehaus.mojo
stax2-api : 3.1.1 Could not find signature (group : org.codehaus.woodstox)
woodstox-core-asl : 4.2.0 KeyId (0x2D1F2506C6ECEDF4) not found in keyring for org.codehaus.woodstox
jacoco-maven-plugin : 0.8.6 No keyring for group org.jacoco
jcl-over-slf4j : 1.5.6 KeyId (0x378B845402277962) not found in keyring for org.slf4j
slf4j-api : 1.5.6 KeyId (0x378B845402277962) not found in keyring for org.slf4j
slf4j-jdk14 : 1.5.6 KeyId (0x378B845402277962) not found in keyring for org.slf4j
xercesImpl : 2.9.1 No keyring for group xerces
xml-apis : 1.3.04 No keyring for group xml-apis

Environment

None

Activity

Rod Widdowson 
March 3, 2022 at 2:26 PM

Fixed/Worked around quite some time ago

Rod Widdowson 
January 26, 2022 at 4:33 PM

Status

Starting with an empty repository I have done:

  • versions:set on java-support & spring-extensions

  • clean verify -P release on java-support, spring-extensions, opensaml & the IdP

  • Using mvn 3.8.4

  • All I am missing is the above key (mandrikov@gmail.com)

java-idp-testbed -P release

Causes the following new failures

javax.annotation-api : 1.3.2 KeyId (0x6425559C47CC79C4) not found in keyring for javax.annotation
taglibs-standard-impl : 1.2.5 No keyring for group org.apache.taglibs
taglibs-standard-spec : 1.2.5 No keyring for group org.apache.taglibs
ecj : 3.19.0 KeyId (0x5FEC689CA7E7B6BD) not found in keyring for org.eclipse.jdt
jetty-schemas : 3.1.2 KeyId (0x2D0E1FB8FE4B68B4) not found in keyring for org.eclipse.jetty.toolchain
cas-client-core : 3.5.1 KeyId (0xB1BCCC90229CA32E) not found in keyring for org.jasig.cas.client
apache-el : 8.5.70 KeyId (0x37B0A85F5CE89B0C) not found in keyring for org.mortbay.jasper
apache-jsp : 8.5.70 KeyId (0x37B0A85F5CE89B0C) not found in keyring for org.mortbay.jasper

I’m hoping I’ll get these all from shib-thirdparty repository.

Rod Widdowson 
January 26, 2022 at 11:04 AM

Something has brought down:

jacoco-maven-plugin : 0.8.6 KeyId (0xCB43338E060CF9FA) not found in keyring for org.jacoco

This is the key

pub rsa4096/a413f67d71beec23add0ce0acb43338e060cf9fa 2010-12-19T00:20:57Z
    Hash=068e3abf08bf719c8bfa2f009194c831
uid Evgeny Mandrikov (CODE SIGNING KEY) <mandrikov@gmail.com>
sig sig cb43338e060cf9fa 2010-12-19T00:29:42Z ____________________ ____________________ [selfsig]
sig sig 0d3b328562a119a7 2014-08-22T21:39:44Z ____________________ ____________________ 0d3b328562a119a7
sub rsa4096/67653f00e6e5d39f32ee2952c59d5d06cf8d0e01 2010-12-19T00:20:57Z
sig sbind cb43338e060cf9fa 2010-12-19T00:20:57Z ____________________ ____________________ []

I have sent mail to the owner (20:17 GMT on the 26th). Still waiting for a response.

Rod Widdowson 
January 21, 2022 at 3:52 PM
(edited)

Actions:

  • See what maven 3.6.3 brings down (as per team meeting 21-Jan)

  • Get validation on the missing keys (above)

Rod Widdowson 
January 19, 2022 at 7:54 PM

The list for 4.2-SNAPSHOT is much smaller and more tractable (when built by maven 3.8.4)

commons-cli : 1.2 KeyId (0x1241BC872C5E4EC0) not found in keyring for commons-cli
commons-collections : 3.2.1 KeyId (0x1861C322C56014B2) not found in keyring for commons-collections
stax-api : 1.0-2 No keyring for group javax.xml.stream
doxia-module-fml : 1.7 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-module-xhtml : 1.7 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-site-renderer : 1.7 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-skin-model : 1.7 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
maven-antrun-plugin : 1.3 KeyId (0xA8AD2A7E9A25CE21) not found in keyring for org.apache.maven.plugins
maven-gpg-plugin : 1.6 KeyId (0x3B58205B9D7013A9) not found in keyring for org.apache.maven.plugins
maven-release-plugin : 2.5.3 KeyId (0x9C4F7E9D98B1CC53) not found in keyring for org.apache.maven.plugins
versions-maven-plugin : 2.8.1 No keyring for group org.codehaus.mojo
jacoco-maven-plugin : 0.8.6 No keyring for group org.jacoco
jcl-over-slf4j : 1.5.6 KeyId (0x378B845402277962) not found in keyring for org.slf4j
slf4j-api : 1.5.6 KeyId (0x378B845402277962) not found in keyring for org.slf4j
slf4j-jdk14 : 1.5.6 KeyId (0x378B845402277962) not found in keyring for org.slf4j

Lots of down rev stuff coming in.
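An added example, not part of the original issue or of the Shibboleth tooling: a triage of the check output quoted in the description and comments, collapsing it into the distinct key IDs that need validation, the groups with no keyring, and the unsigned artifacts. It also checks a reported KeyId against a candidate fingerprint such as the one in the key listing above. The function names are hypothetical, and the line format is assumed from the output shown on this page.

```python
import re
from collections import defaultdict

# One report entry, in any of the three failure forms seen on this page.
ENTRY = re.compile(
    r"(?P<artifact>[\w.\-]+) : (?P<version>\S+) "
    r"(?:KeyId \(0x(?P<keyid>[0-9A-Fa-f]{16})\) not found in keyring for (?P<g1>\S+)"
    r"|No keyring\s+for group (?P<g2>\S+)"
    r"|Could not find signature \(group : (?P<g3>[^)\s]+)\))"
)

# Sample lines copied from the report output quoted in this issue.
SAMPLE = """\
doxia-core : 1.4 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
doxia-sink-api : 1.7 KeyId (0xC92C5FEC70161C62) not found in keyring for org.apache.maven.doxia
jacoco-maven-plugin : 0.8.6 KeyId (0xCB43338E060CF9FA) not found in keyring for org.jacoco
log4j : 1.2.12 No keyring for group log4j
stax2-api : 3.1.1 Could not find signature (group : org.codehaus.woodstox)
"""

def triage(report):
    """Return (missing_keys, no_keyring, unsigned) for a report string."""
    missing = defaultdict(set)     # key id -> {(group, "artifact:version")}
    no_keyring = defaultdict(set)  # group  -> {"artifact:version"}
    unsigned = set()               # {(group, "artifact:version")}
    for m in ENTRY.finditer(report):
        coord = f"{m['artifact']}:{m['version']}"
        if m["keyid"]:
            missing[m["keyid"].upper()].add((m["g1"], coord))
        elif m["g2"]:
            no_keyring[m["g2"]].add(coord)
        else:
            unsigned.add((m["g3"], coord))
    return missing, no_keyring, unsigned

def fingerprint_matches(keyid, fingerprint):
    """A v4 OpenPGP long key ID is the low 64 bits of the 160-bit fingerprint.
    A match is necessary, not sufficient: confirm the full fingerprint with
    the key owner before adding it to a keyring."""
    kid = keyid.upper()
    if kid.startswith("0X"):
        kid = kid[2:]
    fp = fingerprint.replace(" ", "").upper()
    return len(kid) == 16 and len(fp) == 40 and fp.endswith(kid)

if __name__ == "__main__":
    missing, no_keyring, unsigned = triage(SAMPLE)
    for kid, users in sorted(missing.items()):
        print(f"0x{kid}: {len(users)} artifact(s)")
    print("no keyring:", dict(no_keyring), "unsigned:", unsigned)
```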

Fixed

Created January 17, 2022 at 4:07 PM
Updated March 3, 2022 at 2:26 PM
Resolved March 3, 2022 at 2:26 PM