You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by "Dave Meikle (JIRA)" <ji...@apache.org> on 2016/06/15 13:17:09 UTC
[jira] [Assigned] (TIKA-2003) Tika 1.13 gpg signature not
validating.
[ https://issues.apache.org/jira/browse/TIKA-2003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dave Meikle reassigned TIKA-2003:
---------------------------------
Assignee: Dave Meikle
> Tika 1.13 gpg signature not validating.
> ---------------------------------------
>
> Key: TIKA-2003
> URL: https://issues.apache.org/jira/browse/TIKA-2003
> Project: Tika
> Issue Type: Bug
> Reporter: Stephen Durham
> Assignee: Dave Meikle
>
> I am using Tika via the logicalspark/docker-tikaserver instance and I noticed that the latest update to 1.13 failed the build process for the docker instance due to a bad signature. I took the
> steps outlined below to make sure that this was actually an issue before submitting the ticket.
> There is a related issue from a few years back, same RSA key 0EB30B07. The ticket is 1345.
> Thanks in advance for any assistance with this issue.
> -Stephen
> First I tested with the Docker instance. I cloned the logicalspark/docker-tikaserver repo and attempted the docker build locally. The build encountered the following error:
> {noformat}
> gpg: Signature made Mon May 9 17:34:48 2016 UTC using RSA key ID 0EB30B07
> gpg: Can't check signature: public key not found
> {noformat}
> I then tested locally. With no keys other than those contained in tika.asc
> {noformat}
> wget https://people.apache.org/keys/group/tika.asc
> wget http://apache.mirrors.tds.net/tika/tika-server-1.13.jar
> wget https://www.apache.org/dist/tika/tika-server-1.13.jar.asc
> {noformat}
> Then I verified the MD5 sum matches the download page.
> {noformat}
> md5 tika-server-1.13.jar
> MD5 (tika-server-1.13.jar) = 155bec7b7cb25b22effa99db1fb8e233
> {noformat}
> Next I verified the signature following the steps on the download page.
> 1. Import the Keys.
> {noformat}
> gpg --import tika.asc
> gpg: /Users/stephen/.gnupg/trustdb.gpg: trustdb created
> gpg: key B876884A: public key "Chris Mattmann (CODE SIGNING KEY)" imported
> gpg: key 6ED9BE21: public key "Bob Paulin (CODE SIGNING KEY)" imported
> gpg: key 0890B1AB: public key "Konstantin Gribov (gross)" imported
> gpg: key 6E68DA61: public key "Michael McCandless (CODE SIGNING KEY)" imported
> gpg: key A355A63E: public key "Jukka Zitting" imported
> gpg: key 8A26D9A6: public key "Jukka Zitting" imported
> gpg: key 42CFAE07: public key "Jukka Zitting (CODE SIGNING KEY)" imported
> gpg: key 95D21F2E: public key "Ray Gauss II (CODE SIGNING KEY)" imported
> gpg: key D4F10117: public key "Tyler Palsulich" imported
> gpg: key DEDEAB92: public key "Sergey Beryozkin (Release Management)" imported
> gpg: key 97EDDE66: public key "tallison (apache_distro_keys)" imported
> gpg: key 48BAEBF6: public key "Lewis John McGibbney (CODE SIGNING KEY)" imported
> gpg: key D84E41AE: public key "Nick Burch" imported
> gpg: Total number processed: 13
> gpg: imported: 13 (RSA: 8)
> gpg: no ultimately trusted keys found
> {noformat}
> 2. Verify the signature.
> {noformat}
> gpg --verify tika-server-1.13.jar.asc
> gpg: assuming signed data in `tika-server-1.13.jar'
> gpg: Signature made Mon May 9 12:34:48 2016 CDT using RSA key ID 0EB30B07
> gpg: Can't check signature: public key not found
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)