Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.2.2
-
None
-
None
Description
Steps to reproduce
Run the following commands -
curl -fSL -o KEYS https://archive.apache.org/dist/hive/KEYS
export HIVE_VERSION=1.2.2
curl -fSL -o hive.tar.gz https://archive.apache.org/dist/hadoop/common/hadoop-${HADOOP_VERSION}/hadoop-${HADOOP_VERSION}.tar.gz
curl -fSL -o hive.tar.gz.asc https://archive.apache.org/dist/hadoop/common/hadoop-${HADOOP_VERSION}/hadoop-${HADOOP_VERSION}.tar.gz.asc
export GNUPGHOME="$(mktemp -d)"
gpg --import KEYS
gpg --verify hive.tar.gz.asc hive.tar.gz
Expected Result
gpg: Signature made Sun Apr 2 20:16:19 2017 UTC gpg: using RSA key F2384CC9084FCC30 gpg: Good signature from "Vaibhav Gumashta (CODE SIGNING KEY) <vgumashta@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 2FF7 1C57 D64C 9AB4 F21A 68D7 F238 4CC9 084F CC30
Actual Result
It seems that the file KEYS file is missing the key F2384CC9084FCC30
$ gpg --verify hive.tar.gz.asc hive.tar.gz gpg: Signature made Sun Apr 2 20:16:19 2017 UTC gpg: using RSA key F2384CC9084FCC30 gpg: Can't check signature: No public key#