Hello Guilhem, On Thu, May 31, 2018 at 12:01:49AM +0200, Guilhem Moulin wrote: > On Wed, 30 May 2018 at 23:18:55 +0200, Uwe Kleine-König wrote: > > uwe@taurus:~/tmp$ gpgsigs 0D2511F322BFAB1C1580266BE2DCDD9132669BD6 > > uwesparty.txt | grep -A2 "SHA256 Ch" > > Running --list-sigs, this may take a while . > > Annotating uwesparty.txt, writing into - > > SHA256 Checksum: 7F18 DB92 B265 CF92 9938 B4F7 5D80 999C > > > > 6697 1C2F 3DC9 D086 ACB8 469F 4A7C C7EE > > [ ] > > > > (but this isn't really useful because the checksum is wrong). > > How so? What checksum were you expecting there? > > $ sha256sum uwesparty.txt > 7f18db92b265cf929938b4f75d80999c66971c2f3dc9d086acb8469f4a7cc7ee > uwesparty.txt
Well, the sum is right for uwesparty.txt, but the motivation to report this bug was that I got a file with the SHA256 partially filled in. So gpgsigs is right for the unfilled file. I claimed this to be still wrong because the "official" list in my case was prefilled. > > With gpgsigs/stretch it works fine. > > It was never designed this way, so I don't consider the new behavior to > be a regression hence downgraded the severity to ‘wishlist’. In fact > gpgsigs from signing-party 2.5-1 prints a warning and fills in the wrong > fingerprint: > > $ gpgsigs 0D2511F322BFAB1C1580266BE2DCDD9132669BD6 uwesparty.txt.01bdf8 | > grep -A2 "SHA256 Ch" > Running --list-sigs, this may take a while . > Annotating uwesparty.txt.01bdf8, writing into - > Redundant argument in sprintf at gpgsigs line 402, <TXT> line 27. > SHA256 Checksum: 01BD F801 BDF8 B438 F326 6A35 C887 E6E1 > > > AC66 45F8 D486 0A85 486E 6EA4 0EBB 3A73 > [ ] > > $ sha256sum uwesparty.txt.01bdf8 > 01bdf8b438f3266a35c887e6e1ac6645f8d4860a85486e6ea40ebb3a73f59fdd > uwesparty.txt.01bdf8 > > That is, you have the first 3 digests bytes (6 hexdigits) followed with > digest bytes 0-28. Thus bytes 0-2 are repeated and bytes 29-31 are > missing. Ah, probably I didn't check carefully enough here then. So that's not a regression as I first thought. Best regards Uwe
signature.asc
Description: PGP signature