You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by "Patrick Simon (JIRA)" <ji...@apache.org> on 2018/07/18 01:56:00 UTC
[jira] [Closed] (OPENMEETINGS-1901) gpg validation of zip file
download failed with BAD signature
[ https://issues.apache.org/jira/browse/OPENMEETINGS-1901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Patrick Simon closed OPENMEETINGS-1901.
---------------------------------------
Resolution: Cannot Reproduce
Closed as cannot reproduce.
Thanks for looking into this. I pulled the file apache-openmeetings-4.0.4.zip again today, and this time gpg reported a good signature. The previous copy of the zip file was much smaller than the one I pulled today, presumably the previous file was only partially downloaded.
> gpg validation of zip file download failed with BAD signature
> -------------------------------------------------------------
>
> Key: OPENMEETINGS-1901
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1901
> Project: Openmeetings
> Issue Type: Bug
> Components: BuildsAndReleases
> Affects Versions: 4.0.4
> Reporter: Patrick Simon
> Assignee: SebastianWagner
> Priority: Major
> Labels: security
>
> verification of download zip file failed
> I followed the instructions on the download page to verify apache-openmeetings-4.0.4.zip.
> steps and environment details:
> all files downloaded from site through firefox on Windows 10
> KEYS file saved as apache-openmeetings-KEYS
> all other files saved as named on the download site
> verification attempted using the following commands from bash on ubuntu on Windows 10 in the folder where all files located
> $ gpg --import apache-openmeetings-KEYS
> gpg: directory `/home/xxx/.gnupg' created
> gpg: new configuration file `/home/xxxx/.gnupg/gpg.conf' created
> gpg: WARNING: options in `/home/xxxx/.gnupg/gpg.conf' are not yet active during this run
> gpg: keyring `/home/xxxx/.gnupg/secring.gpg' created
> gpg: keyring `/home/xxxx/.gnupg/pubring.gpg' created
> gpg: /home/psimon/.gnupg/trustdb.gpg: trustdb created
> gpg: key 93A30395: public key "Sebastian Wagner <se...@apache.org>" imported
> gpg: key D27B0B59: public key "Eugen Schwert (CODE SIGNING KEY) <eu...@gmail.com>" imported
> gpg: key C467526E: public key "Maxim Solodovnik (solomax) <so...@apache.org>" imported
> gpg: key C1D03D7A: public key "German Grekhov <gg...@apache.org>" imported
> gpg: Total number processed: 4
> gpg: imported: 4 (RSA: 4)
> $ gpg --verify apache-openmeetings-4.0.4.zip.asc apache-openmeetings-4.0.4.zip
> gpg: Signature made Fri 25 May 2018 12:22:55 PM DST using RSA key ID C467526E
> gpg: BAD signature from "Maxim Solodovnik (solomax) <so...@apache.org>"
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)