Skip to content

Update to parent 48, Maven 3.9.16#214

Merged
Bukama merged 4 commits into
apache:masterfrom
Bukama:update48
Jun 6, 2026
Merged

Update to parent 48, Maven 3.9.16#214
Bukama merged 4 commits into
apache:masterfrom
Bukama:update48

Conversation

@Bukama

@Bukama Bukama commented May 15, 2026

Copy link
Copy Markdown
Contributor

No description provided.

@Bukama Bukama requested a review from slawekjaranowski May 15, 2026 19:53
@Bukama Bukama self-assigned this May 15, 2026
@Bukama Bukama added the dependencies Pull requests that update a dependency file label May 15, 2026
@Bukama

Bukama commented May 15, 2026

Copy link
Copy Markdown
Contributor Author

Fails due invalid signature key from plexus dependency

[ERROR] Not allowed artifact org.codehaus.plexus:plexus-utils:jar:4.0.3 and keyID:
org.codehaus.plexus:plexus-utils:4.0.3 = 0xEA23DB1360D9029481E7F2EFECDFEA3CB4493B94
https://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0x0181A4828FA27B6BE6F1F5A68611CD28F472E006

@Bukama Bukama mentioned this pull request May 15, 2026
Closed
@slawekjaranowski

slawekjaranowski commented May 31, 2026

Copy link
Copy Markdown
Member

Fails due invalid signature key from plexus dependency

[ERROR] Not allowed artifact org.codehaus.plexus:plexus-utils:jar:4.0.3 and keyID:
org.codehaus.plexus:plexus-utils:4.0.3 = 0xEA23DB1360D9029481E7F2EFECDFEA3CB4493B94
https://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0x0181A4828FA27B6BE6F1F5A68611CD28F472E006

so should be fixed

slawekjaranowski
slawekjaranowski requested changes May 31, 2026
View reviewed changes

@slawekjaranowski slawekjaranowski left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

key to fix

@gnodet

gnodet commented May 31, 2026

Copy link
Copy Markdown
Contributor

The key is already uploaded to public keyservers (both keys.openpgp.org and keyserver.ubuntu.com).

The artifact plexus-utils:4.0.3 was signed with my EdDSA subkey 0x0181A4828FA27B6BE6F1F5A68611CD28F472E006 (created 2024-07-19), which is a subkey of my primary key 0xEA23DB1360D9029481E7F2EFECDFEA3CB4493B94.

The trusted keys list for org.codehaus.plexus currently includes my other EdDSA subkey 0x073F7A9345756F3B40CDB99E6C70A3B7599C5736 (created 2022-12-12), but not the primary key 0xEA23DB1360D9029481E7F2EFECDFEA3CB4493B94 which is what the verification reports.

The fix is to add 0xEA23DB1360D9029481E7F2EFECDFEA3CB4493B94 to the trusted keys for org.codehaus.plexus in the pgp-keys-map.list.

@Bukama Bukama requested a review from slawekjaranowski June 5, 2026 12:44
@Bukama

Bukama commented Jun 5, 2026

Copy link
Copy Markdown
Contributor Author

0xEA23DB1360D9029481E7F2EFECDFEA3CB4493B94

Took me a time to understand it's a local file in the project -added. Thanks for explain

slawekjaranowski
slawekjaranowski reviewed Jun 5, 2026
View reviewed changes
Comment thread pom.xml Outdated

<properties>
<mavenVersion>3.9.14</mavenVersion>
<mavenVersion>3.9.15</mavenVersion>

@slawekjaranowski slawekjaranowski Jun 5, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3.9.16

@Bukama Bukama changed the title Update to parent 48, Maven 3.9.15 Update to parent 48, Maven 3.9.16 Jun 6, 2026
@Bukama Bukama merged commit f7c384d into apache:master Jun 6, 2026
11 checks passed
@Bukama Bukama deleted the update48 branch June 6, 2026 10:00
@github-actions github-actions Bot added this to the 3.6.2 milestone Jun 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slawekjaranowski slawekjaranowski slawekjaranowski approved these changes

Assignees

@Bukama Bukama

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

3.6.2

Development

Successfully merging this pull request may close these issues.

3 participants

@Bukama @slawekjaranowski @gnodet