Posted to users@maven.apache.org by Francois Bertel <fr...@kitware.com> on 2005/10/25 19:56:48 UTC
bad pgp signature and checksum on the distributed files.
Hi,
It seems the distributed files of maven have a wrong PGP signature and checksum.
I'm running Gentoo Linux on an x86 architecture.
I downloaded maven-1.0.2.tar.bz2, md5 and asc files from this page:
http://maven.apache.org/maven-1.x/start/download.html
First, I typed:
$ gpg --verify maven-1.0.2.tar.bz2.asc maven-1.0.2.tar.bz2
and I got:
gpg: Signature made Tue Dec 7 06:19:08 2004 EST using DSA key ID 084C9113
gpg: Can't check signature: public key not found
So, I typed:
$ gpg --keyserver pgp.mit.edu --recv-keys 084C9113
and I got:
gpg: requesting key 084C9113 from hkp server pgp.mit.edu
gpg: key 084C9113: duplicated user ID detected - merged
gpg: key 084C9113: public key "Brett Porter <br...@apache.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
Then, I tried again:
$ gpg --verify maven-1.0.2.tar.bz2.asc maven-1.0.2.tar.bz2
and I got:
gpg: Signature made Tue Dec 7 06:19:08 2004 EST using DSA key ID 084C9113
gpg: BAD signature from "Brett Porter <br...@apache.org>"
I also ran md5sum on the file:
$ md5sum maven-1.0.2.tar.bz2
I got:
b8deac945380d76c27e60b1fc4711a8a maven-1.0.2.tar.bz2
which is different from:
$ cat maven-1.0.2.tar.bz2.md5
81a6b4393e550635efe19e95cea38718
I have the same issue with the .tar.gz file or with maven-2.0.
Any help appreciated.
--
François Bertel, PhD | Kitware Inc. Suite 204
1 (518) 371 3971 x113 | 28 Corporate Drive
| Clifton Park NY 12065, USA
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
[solved]Re: bad pgp signature and checksum on the distributed files.
Posted by Francois Bertel <fr...@kitware.com>.
Ok, I solved the issue myself...
I got confused by the name of the link on the download page
http://maven.apache.org/maven-1.x/start/download.html .
I first downloaded the checksum and PGP signatures by right-clicking on
"checksum" and "PGP" and they were real files.
So, I did the same for ".tar.bz2 archive" and saved the link:
http://www.apache.org/dyn/closer.cgi/maven/binaries/maven-1.0.2.tar.bz2
I didn't catch the "cgi" word at first.
Fortunately, at some point, I left-clicked "by mistake" on this link and a
mirror page showed up! So, I could download the right file and everything is
fine now.
It sounds like the joke of the day. :-)
Francois Bertel wrote:
> Hi,
>
> It seems the distributed files of maven have a wrong PGP signature and checksum.
>
> I'm running Gentoo Linux on an x86 architecture.
>
> I downloaded maven-1.0.2.tar.bz2, md5 and asc files from this page:
> http://maven.apache.org/maven-1.x/start/download.html
>
> First, I typed:
>
> $ gpg --verify maven-1.0.2.tar.bz2.asc maven-1.0.2.tar.bz2
>
> and I got:
>
> gpg: Signature made Tue Dec 7 06:19:08 2004 EST using DSA key ID 084C9113
> gpg: Can't check signature: public key not found
>
> So, I typed:
> $ gpg --keyserver pgp.mit.edu --recv-keys 084C9113
>
> and I got:
> gpg: requesting key 084C9113 from hkp server pgp.mit.edu
> gpg: key 084C9113: duplicated user ID detected - merged
> gpg: key 084C9113: public key "Brett Porter <br...@apache.org>" imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
>
> Then, I tried again:
> $ gpg --verify maven-1.0.2.tar.bz2.asc maven-1.0.2.tar.bz2
>
> and I got:
> gpg: Signature made Tue Dec 7 06:19:08 2004 EST using DSA key ID 084C9113
> gpg: BAD signature from "Brett Porter <br...@apache.org>"
>
>
> I also ran md5sum on the file:
> $ md5sum maven-1.0.2.tar.bz2
> I got:
> b8deac945380d76c27e60b1fc4711a8a maven-1.0.2.tar.bz2
> which is different from:
> $ cat maven-1.0.2.tar.bz2.md5
> 81a6b4393e550635efe19e95cea38718
>
>
> I have the same issue with the .tar.gz file or with maven-2.0.
>
> Any help appreciated.
>
>
--
François Bertel, PhD | Kitware Inc. Suite 204
1 (518) 371 3971 x113 | 28 Corporate Drive
| Clifton Park NY 12065, USA
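
An added example, not part of the original messages: a shell check for the failure described in this thread, where a saved mirror-selection page stands in for the archive, so both the MD5 comparison and the signature check fail. The function names are hypothetical, and it assumes md5sum, od and head -c are available.

```shell
#!/bin/sh
# Added example: look at a download's leading bytes before reading a
# checksum or signature failure as a corrupted or tampered release.

# Print "bzip2", "gzip", "html" or "unknown" for the file given as $1.
classify_download() {
    magic=$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        425a68) echo bzip2; return 0 ;;   # "BZh"
        1f8b*)  echo gzip;  return 0 ;;   # gzip magic bytes
    esac
    # A saved mirror-selection page is HTML text, not an archive.
    if head -c 512 "$1" | tr -d '\000' | grep -qiE '<(!doctype|html|head|title)'; then
        echo html
    else
        echo unknown
    fi
}

# Compare the MD5 of $1 with the first field of the .md5 file $2.
# Returns 0 on match, 1 on mismatch, 2 if $1 is not an archive at all.
verify_download() {
    kind=$(classify_download "$1")
    case "$kind" in
        bzip2|gzip) ;;
        *) echo "$1: not an archive (looks like $kind); fetch it from a mirror" >&2
           return 2 ;;
    esac
    expected=$(awk '{print tolower($1); exit}' "$2")
    actual=$(md5sum "$1" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "$1: $kind archive, MD5 matches"
    else
        echo "$1: $kind archive, MD5 mismatch (got $actual, expected $expected)" >&2
        return 1
    fi
}
```

A return code of 2 points at the download step rather than at the release: the signature and checksum are doing their job by rejecting a file that is not the published archive.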