Looks fine at my end -

 girish$ ./verify-ofbiz-release.sh apache-ofbiz-17.12.04.zip

sha check of file: apache-ofbiz-17.12.04.zip

Using sha file: apache-ofbiz-17.12.04.zip.sha512

apache-ofbiz-17.12.04.zip: 87FC62B2 8005BE59 FBB5AA69 6F0317C1 72273F02
EB39DD82 9738761C 694D644B F004C3A6 12E8DB41 512C726A 4F5E991F D80A6A84
4AADE640 7B726DC1 8E4182A8

apache-ofbiz-17.12.04.zip: 87FC62B2 8005BE59 FBB5AA69 6F0317C1 72273F02
EB39DD82 9738761C 694D644B F004C3A6 12E8DB41 512C726A 4F5E991F D80A6A84
4AADE640 7B726DC1 8E4182A8

sha checksum OK


GPG verification output

gpg: Signature made Sun Jul  5 13:38:45 2020 IST

gpg:                using RSA key 7A580908847AF9E0

gpg: Good signature from "Jacopo Cappellato (CODE SIGNING KEY) <
jaco...@apache.org>" [unknown]

gpg: WARNING: This key is not certified with a trusted signature!

gpg:          There is no indication that the signature belongs to the
owner.

Primary key fingerprint: 3545 C5E3 1CC2 D029 B2CC  AD06 7A58 0908 847A F9E0

Best,
Girish


On Sun, Jul 5, 2020 at 3:24 PM Jacques Le Roux <jacques.le.r...@les7arts.com>
wrote:

> Hi Jacopo,
>
> Something is wrong, I get that (dowloaded twice, except the package which
> opens normally):
>
> $ ./verify-ofbiz-release.sh apache-ofbiz-17.12.04.zip
> sha check of file: apache-ofbiz-17.12.04.zip
> Using sha file: apache-ofbiz-17.12.04.zip.sha512
> apache-ofbiz-17.12.04.zip: 87FC62B2 8005BE59 FBB5AA69 6F0317C1 72273F02
> EB39DD82 9738761C 694D644B F004C3A6 12E8DB41 512C726A 4F5E991F D80A6A84
> 4AADE640 7B726DC1 8E4182A8
> apache-ofbiz-17.12.04.zip: 74F79D42 2746A409 9C0F2E0D 5F96C070 78C73D7B
> 4C681452 EB974F18 33E2E391 3E1C7D1F 2F0E8A44 C18AC8FF A9F86094 4C9F5D4D
> 5DDA3AB9 E2DC2057 CA0F2E33
> sha sums mismatch!
>
> GPG verification output
> gpg: Signature made Fri Jul  3 16:04:40 2020
> gpg:                using RSA key 7A580908847AF9E0
> gpg: BAD signature from "Jacopo Cappellato (CODE SIGNING KEY) <
> jaco...@apache.org>"
>
> Could it be on my side? Anyone reproduce?
>
> Jacques
>
> Le 05/07/2020 à 10:23, Jacopo Cappellato a écrit :
> > This is the vote thread (second attempt) to publish a new bug fix release
> > from the "release17.12" branch. This new release, "Apache OFBiz
> 17.12.04",
> > will supersede all the previous releases from the same branch.
> >
> > The release files can be downloaded from here:
> > https://dist.apache.org/repos/dist/dev/ofbiz/
> > and are:
> > * apache-ofbiz-17.12.04.zip
> > * KEYS: text file with keys
> > * apache-ofbiz-17.12.04.zip.asc: the detached signature file
> > * apache-ofbiz-17.12.04.zip.sha512: checksum file
> >
> > Please download and test the zip file and its signatures (for
> instructions
> > on testing the signatures see
> http://www.apache.org/info/verification.html).
> >
> > Vote:
> > [ +1] release as Apache OFBiz 17.12.04
> > [ -1] do not release
> >
> > This vote will be open for 5 days.
> >
> > For more details about this process please read
> > http://www.apache.org/foundation/voting.html
>
>

Reply via email to