You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@openmeetings.apache.org by "Patrick Simon (JIRA)" <ji...@apache.org> on 2018/07/18 01:56:00 UTC

[jira] [Closed] (OPENMEETINGS-1901) gpg validation of zip file download failed with BAD signature

     [ https://issues.apache.org/jira/browse/OPENMEETINGS-1901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Patrick Simon closed OPENMEETINGS-1901.
---------------------------------------
    Resolution: Cannot Reproduce

Closed as cannot reproduce.

Thanks for looking into this. I pulled the file apache-openmeetings-4.0.4.zip again today, and this time gpg reported a good signature. The previous copy of the zip file was much smaller than the one I pulled today, presumably the previous file was only partially downloaded.

> gpg validation of zip file download failed with BAD signature
> -------------------------------------------------------------
>
>                 Key: OPENMEETINGS-1901
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1901
>             Project: Openmeetings
>          Issue Type: Bug
>          Components: BuildsAndReleases
>    Affects Versions: 4.0.4
>            Reporter: Patrick Simon
>            Assignee: SebastianWagner
>            Priority: Major
>              Labels: security
>
> verification of download zip file failed
> I followed the instructions on the download page to verify apache-openmeetings-4.0.4.zip.
> steps and environment details:
> all files downloaded from site through firefox on Windows 10
> KEYS file saved as apache-openmeetings-KEYS
> all other files saved as named on the download site
> verification attempted using the following commands from bash on ubuntu on Windows 10 in the folder where all files located
> $ gpg --import apache-openmeetings-KEYS
> gpg: directory `/home/xxx/.gnupg' created
> gpg: new configuration file `/home/xxxx/.gnupg/gpg.conf' created
> gpg: WARNING: options in `/home/xxxx/.gnupg/gpg.conf' are not yet active during this run
> gpg: keyring `/home/xxxx/.gnupg/secring.gpg' created
> gpg: keyring `/home/xxxx/.gnupg/pubring.gpg' created
> gpg: /home/psimon/.gnupg/trustdb.gpg: trustdb created
> gpg: key 93A30395: public key "Sebastian Wagner <se...@apache.org>" imported
> gpg: key D27B0B59: public key "Eugen Schwert (CODE SIGNING KEY) <eu...@gmail.com>" imported
> gpg: key C467526E: public key "Maxim Solodovnik (solomax) <so...@apache.org>" imported
> gpg: key C1D03D7A: public key "German Grekhov <gg...@apache.org>" imported
> gpg: Total number processed: 4
> gpg:               imported: 4  (RSA: 4)
> $ gpg --verify apache-openmeetings-4.0.4.zip.asc apache-openmeetings-4.0.4.zip
> gpg: Signature made Fri 25 May 2018 12:22:55 PM DST using RSA key ID C467526E
> gpg: BAD signature from "Maxim Solodovnik (solomax) <so...@apache.org>" 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)