[jira] [Commented] (TIKA-1345) Bad signature in gpg, md5 and sha1 verification

Thu, 19 Jun 2014 11:05:23 -0700 

    [ 
https://issues.apache.org/jira/browse/TIKA-1345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14037605#comment-14037605
 ] 

Nick Burch commented on TIKA-1345:
----------------------------------

FWIW, when I check on the master ASF download server (which the mirrors sync 
from), the tika app jar verifies fine:

/www/www.apache.org/dist/tika$ gpg --verify tika-app-1.5.jar.asc
gpg: Signature made Sun Feb  9 21:42:27 2014 UTC using RSA key ID 0EB30B07
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   3  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:   3  signed:  10  trust: 3-, 0q, 0n, 0m, 0f, 0u
gpg: Good signature from "David Meikle (CODE SIGNING KEY) <dmei...@apache.org>"

> Bad signature in gpg, md5 and sha1 verification
> -----------------------------------------------
>
>                 Key: TIKA-1345
>                 URL: https://issues.apache.org/jira/browse/TIKA-1345
>             Project: Tika
>          Issue Type: Bug
>          Components: packaging
>    Affects Versions: 1.5
>            Reporter: Luis
>              Labels: gpg, md5sum, sha1sum
>
> Either source and jar files show the same "BAD signature warning":
> $ gpg --import KEYS                 
> gpg: key A355A63E: "Jukka Zitting <ju...@apache.org>" not changed
> gpg: key B876884A: "Chris Mattmann (CODE SIGNING KEY) <mattm...@apache.org>" 
> not changed
> gpg: key 9740DD55: "David Meikle (CODE SIGNING KEY) <dmei...@apache.org>" not 
> changed
> gpg: key AEA8C6AB: "David Meikle (CODE SIGNING KEY) <dmei...@apache.org>" not 
> changed
> gpg: key 0EB30B07: "David Meikle (CODE SIGNING KEY) <dmei...@apache.org>" not 
> changed
> gpg: Número total processado: 5
> gpg:              não modificados: 5
> $ gpg --verify tika-app-1.5.jar.asc 
> gpg: Signature made Dom 09 Fev 2014 21:42:27 WET using RSA key ID 0EB30B07
> gpg: BAD signature from "David Meikle (CODE SIGNING KEY) <dmei...@apache.org>"
> And md5sum and sha1sum show different hashes for files.  I used firefox to 
> download them and then wget to confirm it was not an issue regarding the 
> download client.
> $ md5sum tika-1.5-src.zip
> 649b68df4fe628ea4a83da0e71542dbf  tika-1.5-src.zip
> From the site: MD5: 48477b2e70e0e62ece09af7ada5037fa
> $ md5sum tika-app-1.5.jar
> 06e48845d4f2bfcc9c1f5c395ef90790  tika-app-1.5.jar
> From the site: MD5: 2124a77289efbb30e7228c0f7da63373



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to