2:28 a.m.
As pointed our on Tuesday it's time for a new release. I have tagged
the release candidate 1 in git and pushed signed tarball and rpms to
the usual place at:
ftp://libvirt.org/libvirt/
Based on my limited testing this works just fine, but that's very limited
and doesn't test portability at all, so please give it a try !
I will likely push rc2 on the week-end and the final version on Tuesday
or Wednesday,
please raise issues if you fine any,
thanks,
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
4 p.m.
On Thu, Oct 29, 2015 at 03:28:51PM +0800, Daniel Veillard wrote:
As pointed our on Tuesday it's time for a new release. I have
tagged
the release candidate 1 in git and pushed signed tarball and rpms to
the usual place at:
ftp://libvirt.org/libvirt/
Based on my limited testing this works just fine, but that's very limited
and doesn't test portability at all, so please give it a try !
I'm having trouble verifying the signature:
$ gpg --verify libvirt-1.2.21-rc1.tar.gz.pgp libvirt-1.2.21-rc1.tar.gz
gpg: Signature made Do 29 Okt 2015 07:41:52 CET
gpg: using DSA key 0x4606B8A5DE95BC1F
gpg: please do a --check-trustdb
gpg: BAD signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>" [unknown]
while verifying e.g. 1.2.20 works as expected.
Cheers,
-- Guido
1:01 a.m.
Hi Guido,
On Fri, Oct 30, 2015 at 10:00:41PM +0100, Guido Günther wrote:
On Thu, Oct 29, 2015 at 03:28:51PM +0800, Daniel Veillard wrote:
> As pointed our on Tuesday it's time for a new release. I have tagged
> the release candidate 1 in git and pushed signed tarball and rpms to
> the usual place at:
>
> ftp://libvirt.org/libvirt/
>
> Based on my limited testing this works just fine, but that's very limited
> and doesn't test portability at all, so please give it a try !
I'm having trouble verifying the signature:
$ gpg --verify libvirt-1.2.21-rc1.tar.gz.pgp libvirt-1.2.21-rc1.tar.gz
gpg: Signature made Do 29 Okt 2015 07:41:52 CET
gpg: using DSA key 0x4606B8A5DE95BC1F
gpg: please do a --check-trustdb
gpg: BAD signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>" [unknown]
while verifying e.g. 1.2.20 works as expected.
Hum, where is libvirt-1.2.21-rc1.tar.gz.pgp coming from ? I only uploaded
libvirt-1.2.21-rc1.tar.gz.asc !
that said indeed there is an issue with rc1 signing ...
[root@libvirt libvirt]# gpg2 --keyserver hkp://pgp.mit.edu --recv-keys DE95BC1Fgpg:
requesting key DE95BC1F from hkp server pgp.mit.edu
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key DE95BC1F: public key "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
[root@libvirt libvirt]# gpg --verify libvirt-1.2.20.tar.gz.asc libvirt-1.2.20.tar.gz
gpg: Signature made Fri 02 Oct 2015 01:12:08 PM CEST using DSA key ID DE95BC1F
gpg: Good signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>"
gpg: aka "Daniel Veillard <Daniel.Veillard(a)w3.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
[root@libvirt libvirt]# gpg --verify libvirt-1.2.21-rc1.tar.gz.asc
libvirt-1.2.21-rc1.tar.gz
gpg: Signature made Thu 29 Oct 2015 07:41:52 AM CET using DSA key ID DE95BC1F
gpg: BAD signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>"
[root@libvirt libvirt]#
I verified, the libvirt-1.2.21-rc1.tar.gz.asc present on libvirt server is
the same that I have left in my working dir of the machine where I assembled
the release.
On the other hand libvirt-1.2.21-rc1.tar.gz diverges
thinkpad2:~/libvirt -> sha256sum libvirt-1.2.21-rc1.tar.gz
3cc9f2882a145562ee41b8369a8c3d1cb0f383fe13c3e39ac923f712bf8614d0
libvirt-1.2.21-rc1.tar.gz
thinkpad2:~/libvirt ->
and
[root@libvirt libvirt]# sha256sum libvirt-1.2.21-rc1.tar.gz
00cce64d4eb906f294921effab7b0128dbded46da614f9d88681abdb80af0ae2
libvirt-1.2.21-rc1.tar.gz
[root@libvirt libvirt]#
I remember that I interrupted the rsync when pushing the release and restarted
it this may have introduced that divergence, I reuploaded the rc1:
[root@libvirt libvirt]# sha256sum libvirt-1.2.21-rc1.tar.gz
3cc9f2882a145562ee41b8369a8c3d1cb0f383fe13c3e39ac923f712bf8614d0
libvirt-1.2.21-rc1.tar.gz
[root@libvirt libvirt]# sha256sum libvirt-1.2.21-rc1.tar.gz.asc
9bfb1fe53c5d1457d5bc6a4f7ce4661ad925210f9ab2708bd0c523accf16f5e5
libvirt-1.2.21-rc1.tar.gz.asc
[root@libvirt libvirt]# gpg --verify libvirt-1.2.21-rc1.tar.gz.asc
libvirt-1.2.21-rc1.tar.gz
gpg: Signature made Thu 29 Oct 2015 07:41:52 AM CET using DSA key ID DE95BC1F
gpg: Good signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>"
gpg: aka "Daniel Veillard <Daniel.Veillard(a)w3.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
[root@libvirt libvirt]#
and that version is fine,
thanks for the heads-up !
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
5:40 a.m.
Hi Daniel,
On Sat, Oct 31, 2015 at 02:01:54PM +0800, Daniel Veillard wrote:
Hi Guido,
On Fri, Oct 30, 2015 at 10:00:41PM +0100, Guido Günther wrote:
> On Thu, Oct 29, 2015 at 03:28:51PM +0800, Daniel Veillard wrote:
> > As pointed our on Tuesday it's time for a new release. I have tagged
> > the release candidate 1 in git and pushed signed tarball and rpms to
> > the usual place at:
> >
> > ftp://libvirt.org/libvirt/
> >
> > Based on my limited testing this works just fine, but that's very
limited
> > and doesn't test portability at all, so please give it a try !
>
> I'm having trouble verifying the signature:
>
> $ gpg --verify libvirt-1.2.21-rc1.tar.gz.pgp libvirt-1.2.21-rc1.tar.gz
> gpg: Signature made Do 29 Okt 2015 07:41:52 CET
> gpg: using DSA key 0x4606B8A5DE95BC1F
> gpg: please do a --check-trustdb
> gpg: BAD signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>" [unknown]
>
> while verifying e.g. 1.2.20 works as expected.
Hum, where is libvirt-1.2.21-rc1.tar.gz.pgp coming from ? I only uploaded
libvirt-1.2.21-rc1.tar.gz.asc !
It's the same file. Debian's uscan just renames it after download.
that said indeed there is an issue with rc1 signing ...
[root@libvirt libvirt]# gpg2 --keyserver hkp://pgp.mit.edu --recv-keys DE95BC1Fgpg:
requesting key DE95BC1F from hkp server pgp.mit.edu
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key DE95BC1F: public key "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
[root@libvirt libvirt]# gpg --verify libvirt-1.2.20.tar.gz.asc libvirt-1.2.20.tar.gz
gpg: Signature made Fri 02 Oct 2015 01:12:08 PM CEST using DSA key ID DE95BC1F
gpg: Good signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>"
gpg: aka "Daniel Veillard <Daniel.Veillard(a)w3.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
[root@libvirt libvirt]# gpg --verify libvirt-1.2.21-rc1.tar.gz.asc
libvirt-1.2.21-rc1.tar.gz
gpg: Signature made Thu 29 Oct 2015 07:41:52 AM CET using DSA key ID DE95BC1F
gpg: BAD signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>"
[root@libvirt libvirt]#
I verified, the libvirt-1.2.21-rc1.tar.gz.asc present on libvirt server is
the same that I have left in my working dir of the machine where I assembled
the release.
On the other hand libvirt-1.2.21-rc1.tar.gz diverges
thinkpad2:~/libvirt -> sha256sum libvirt-1.2.21-rc1.tar.gz
3cc9f2882a145562ee41b8369a8c3d1cb0f383fe13c3e39ac923f712bf8614d0
libvirt-1.2.21-rc1.tar.gz
thinkpad2:~/libvirt ->
and
[root@libvirt libvirt]# sha256sum libvirt-1.2.21-rc1.tar.gz
00cce64d4eb906f294921effab7b0128dbded46da614f9d88681abdb80af0ae2
libvirt-1.2.21-rc1.tar.gz
[root@libvirt libvirt]#
I remember that I interrupted the rsync when pushing the release and restarted
it this may have introduced that divergence, I reuploaded the rc1:
[root@libvirt libvirt]# sha256sum libvirt-1.2.21-rc1.tar.gz
3cc9f2882a145562ee41b8369a8c3d1cb0f383fe13c3e39ac923f712bf8614d0
libvirt-1.2.21-rc1.tar.gz
[root@libvirt libvirt]# sha256sum libvirt-1.2.21-rc1.tar.gz.asc
9bfb1fe53c5d1457d5bc6a4f7ce4661ad925210f9ab2708bd0c523accf16f5e5
libvirt-1.2.21-rc1.tar.gz.asc
[root@libvirt libvirt]# gpg --verify libvirt-1.2.21-rc1.tar.gz.asc
libvirt-1.2.21-rc1.tar.gz
gpg: Signature made Thu 29 Oct 2015 07:41:52 AM CET using DSA key ID DE95BC1F
gpg: Good signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>"
gpg: aka "Daniel Veillard <Daniel.Veillard(a)w3.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
[root@libvirt libvirt]#
and that version is fine,
Indeed. With the new tarball it verifies correctly. Thanks!
Cheers,
-- Guido
thanks for the heads-up !
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
6:52 a.m.
On Sat, Oct 31, 2015 at 11:40:22AM +0100, Guido Günther wrote:
Hi Daniel,
On Sat, Oct 31, 2015 at 02:01:54PM +0800, Daniel Veillard wrote:
> Hi Guido,
>
> On Fri, Oct 30, 2015 at 10:00:41PM +0100, Guido Günther wrote:
> > On Thu, Oct 29, 2015 at 03:28:51PM +0800, Daniel Veillard wrote:
> > > As pointed our on Tuesday it's time for a new release. I have
tagged
> > > the release candidate 1 in git and pushed signed tarball and rpms to
> > > the usual place at:
> > >
> > > ftp://libvirt.org/libvirt/
> > >
> > > Based on my limited testing this works just fine, but that's very
limited
> > > and doesn't test portability at all, so please give it a try !
> >
> > I'm having trouble verifying the signature:
> >
> > $ gpg --verify libvirt-1.2.21-rc1.tar.gz.pgp libvirt-1.2.21-rc1.tar.gz
> > gpg: Signature made Do 29 Okt 2015 07:41:52 CET
> > gpg: using DSA key 0x4606B8A5DE95BC1F
> > gpg: please do a --check-trustdb
> > gpg: BAD signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>" [unknown]
> >
> > while verifying e.g. 1.2.20 works as expected.
>
> Hum, where is libvirt-1.2.21-rc1.tar.gz.pgp coming from ? I only uploaded
> libvirt-1.2.21-rc1.tar.gz.asc !
It's the same file. Debian's uscan just renames it after download.
>
> that said indeed there is an issue with rc1 signing ...
>
> [root@libvirt libvirt]# gpg2 --keyserver hkp://pgp.mit.edu --recv-keys DE95BC1Fgpg:
requesting key DE95BC1F from hkp server pgp.mit.edu
> gpg: /root/.gnupg/trustdb.gpg: trustdb created
> gpg: key DE95BC1F: public key "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>" imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
> [root@libvirt libvirt]# gpg --verify libvirt-1.2.20.tar.gz.asc
libvirt-1.2.20.tar.gz
> gpg: Signature made Fri 02 Oct 2015 01:12:08 PM CEST using DSA key ID DE95BC1F
> gpg: Good signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>"
> gpg: aka "Daniel Veillard <Daniel.Veillard(a)w3.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
> [root@libvirt libvirt]# gpg --verify libvirt-1.2.21-rc1.tar.gz.asc
libvirt-1.2.21-rc1.tar.gz
> gpg: Signature made Thu 29 Oct 2015 07:41:52 AM CET using DSA key ID DE95BC1F
> gpg: BAD signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>"
> [root@libvirt libvirt]#
>
> I verified, the libvirt-1.2.21-rc1.tar.gz.asc present on libvirt server is
> the same that I have left in my working dir of the machine where I assembled
> the release.
> On the other hand libvirt-1.2.21-rc1.tar.gz diverges
>
> thinkpad2:~/libvirt -> sha256sum libvirt-1.2.21-rc1.tar.gz
> 3cc9f2882a145562ee41b8369a8c3d1cb0f383fe13c3e39ac923f712bf8614d0
libvirt-1.2.21-rc1.tar.gz
> thinkpad2:~/libvirt ->
>
> and
>
> [root@libvirt libvirt]# sha256sum libvirt-1.2.21-rc1.tar.gz
> 00cce64d4eb906f294921effab7b0128dbded46da614f9d88681abdb80af0ae2
libvirt-1.2.21-rc1.tar.gz
> [root@libvirt libvirt]#
>
> I remember that I interrupted the rsync when pushing the release and restarted
> it this may have introduced that divergence, I reuploaded the rc1:
>
> [root@libvirt libvirt]# sha256sum libvirt-1.2.21-rc1.tar.gz
> 3cc9f2882a145562ee41b8369a8c3d1cb0f383fe13c3e39ac923f712bf8614d0
libvirt-1.2.21-rc1.tar.gz
> [root@libvirt libvirt]# sha256sum libvirt-1.2.21-rc1.tar.gz.asc
> 9bfb1fe53c5d1457d5bc6a4f7ce4661ad925210f9ab2708bd0c523accf16f5e5
libvirt-1.2.21-rc1.tar.gz.asc
> [root@libvirt libvirt]# gpg --verify libvirt-1.2.21-rc1.tar.gz.asc
libvirt-1.2.21-rc1.tar.gz
> gpg: Signature made Thu 29 Oct 2015 07:41:52 AM CET using DSA key ID DE95BC1F
> gpg: Good signature from "Daniel Veillard (Red Hat work email)
<veillard(a)redhat.com>"
> gpg: aka "Daniel Veillard <Daniel.Veillard(a)w3.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
> [root@libvirt libvirt]#
>
> and that version is fine,
Indeed. With the new tarball it verifies correctly. Thanks!
Good, and after verifications the old one was really broken:
thinkpad2:/tmp -> tar xvzf libvirt-1.2.21-rc1.tar.gz.broken
....
libvirt-1.2.21/po/hi.po
gzip: stdin: unexpected end of file
tar: Unexpected EOF in archive
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now
thinkpad2:/tmp ->
So it's a case of restarting an rsync -P after an user interruption where
the copied file ends up being corrupted, there is a bug somewhere but nothing
malicious :-)
Daniel
Cheers,
-- Guido
>
> thanks for the heads-up !
>
> Daniel
>
> --
> Daniel Veillard | Open Source and Standards, Red Hat
> veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
> http://veillard.com/ | virtualization library http://libvirt.org/
>
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
9:21 p.m.
New subject: [libvirt] Availability of release candidate 2 for libvirt-1.2.21
As planned I tagged it in git and pushed signed tarballs and rpms
to the usual place. I verified the signature that time, seems to be fine :-)
ftp://libvirt.org/libvirt/
I gave it my usual lightweight testing, it seems to work fine, but please
give it more testing. It's also reassuring that everything is green on
the CI @ CentOS but that's not a guarantee of portability :-)
https://ci.centos.org/view/libvirt-project/
If everything goes well I will push the 1.2.21 release on Wednesday,
but again please test the current version !
Thanks,
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
3307
days inactive
3311
days old
5 comments
2 participants
participants (2)
-
Daniel Veillard -
Guido Günther