Thanks Alexander! I can confirm that this worked for me. On a mac, I renamed cordova-plugin-vibration-1.1.0.tgz.sha -> cordova-plugin-vibration-1.1.0.tgz.sha.zip then double clicked it in Finder.
Primary key fingerprint: EBAC 6409 FA2F 2FCF A42C 1080 3843 B8F9 FFCA 68BE *./* ============================= Computing MD5 for: /Repos/cordova/tempVibeVote/cordova-plugin-vibration-1.1.0.tgz *./* ============================= Computing SHA512 for: /Repos/cordova/tempVibeVote/cordova-plugin-vibration-1.1.0.tgz *./* ============================= /Repos/cordova/tempVibeVote/cordova-plugin-vibration-1.1.0.tgz signature and hashes verified. *./* ============================= Verified 1 signatures and hashes. @purplecabbage risingj.com On Tue, May 12, 2015 at 12:59 AM, Alexander Sorokin (Akvelon) < v-als...@microsoft.com> wrote: > Hi Murat. > > This issue (not matching SHA512) is happening because your downloaded .sha > file is compressed for some reason. Try to decompress it using, for > example, 7zip. > > Regards, > Alexander Sorokin > > -----Original Message----- > From: Murat Sutunc [mailto:mura...@microsoft.com] > Sent: Tuesday, May 12, 2015 3:20 > To: dev@cordova.apache.org > Subject: RE: [VOTE] cordova-plugin-vibration release > > Sorry to hijack this thread but this is my first time verifying a release > and I've some questions before signing off.. > > 1) I was looking at the coho docs but wasn't able to figure out how to > download a release from dist/dev. Any tips? > 2) For now I've manually copied the tgz files from the dist.apache and ran > my validation. I've ran into the following issue, is it expected? > > C:\Users\muratsu\Desktop\plugin>coho verify-archive > cordova-plugin-vibration-1.1.0.tgz > Running from c:\dev > ./ ============================= Executing: gpg --verify > C:\Users\muratsu\Desktop\plugin\cordova-plugin-vibration-1.1.0.tgz.asc > C:\Users\muratsu\Desktop\plugin\cordova-plugin-vibration-1.1.0.tgz > gpg: Signature made 05/07/15 17:24:14 Pacific Daylight Time using RSA key > ID FFCA68BE > gpg: Good signature from "Steve Gill (code signing key) <ste...@apache.org>" > [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: EBAC 6409 FA2F 2FCF A42C 1080 3843 B8F9 FFCA > 68BE ./ ============================= Computing MD5 for: > C:\Users\muratsu\Desktop\plugin\cordova-plugin-vibration-1.1.0.tgz > ./ ============================= Computing SHA512 for: > C:\Users\muratsu\Desktop\plugin\cordova-plugin-vibration-1.1.0.tgz > SHA512 does not match. > > Other than this issue, changes look good to me. +1 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > For additional commands, e-mail: dev-h...@cordova.apache.org >
