[ https://issues.apache.org/jira/browse/TIKA-2003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dave Meikle reassigned TIKA-2003: --------------------------------- Assignee: Dave Meikle > Tika 1.13 gpg signature not validating. > --------------------------------------- > > Key: TIKA-2003 > URL: https://issues.apache.org/jira/browse/TIKA-2003 > Project: Tika > Issue Type: Bug > Reporter: Stephen Durham > Assignee: Dave Meikle > > I am using Tika via the logicalspark/docker-tikaserver instance and I noticed > that the latest update to 1.13 failed the build process for the docker > instance due to a bad signature. I took the > steps outlined below to make sure that this was actually an issue before > submitting the ticket. > There is a related issue from a few years back, same RSA key 0EB30B07. The > ticket is 1345. > Thanks in advance for any assistance with this issue. > -Stephen > First I tested with the Docker instance. I cloned the > logicalspark/docker-tikaserver repo and attempted the docker build locally. > The build encountered the following error: > {noformat} > gpg: Signature made Mon May 9 17:34:48 2016 UTC using RSA key ID 0EB30B07 > gpg: Can't check signature: public key not found > {noformat} > I then tested locally. With no keys other than those contained in tika.asc > {noformat} > wget https://people.apache.org/keys/group/tika.asc > wget http://apache.mirrors.tds.net/tika/tika-server-1.13.jar > wget https://www.apache.org/dist/tika/tika-server-1.13.jar.asc > {noformat} > Then I verified the MD5 sum matches the download page. > {noformat} > md5 tika-server-1.13.jar > MD5 (tika-server-1.13.jar) = 155bec7b7cb25b22effa99db1fb8e233 > {noformat} > Next I verified the signature following the steps on the download page. > 1. Import the Keys. > {noformat} > gpg --import tika.asc > gpg: /Users/stephen/.gnupg/trustdb.gpg: trustdb created > gpg: key B876884A: public key "Chris Mattmann (CODE SIGNING KEY)" imported > gpg: key 6ED9BE21: public key "Bob Paulin (CODE SIGNING KEY)" imported > gpg: key 0890B1AB: public key "Konstantin Gribov (gross)" imported > gpg: key 6E68DA61: public key "Michael McCandless (CODE SIGNING KEY)" imported > gpg: key A355A63E: public key "Jukka Zitting" imported > gpg: key 8A26D9A6: public key "Jukka Zitting" imported > gpg: key 42CFAE07: public key "Jukka Zitting (CODE SIGNING KEY)" imported > gpg: key 95D21F2E: public key "Ray Gauss II (CODE SIGNING KEY)" imported > gpg: key D4F10117: public key "Tyler Palsulich" imported > gpg: key DEDEAB92: public key "Sergey Beryozkin (Release Management)" imported > gpg: key 97EDDE66: public key "tallison (apache_distro_keys)" imported > gpg: key 48BAEBF6: public key "Lewis John McGibbney (CODE SIGNING KEY)" > imported > gpg: key D84E41AE: public key "Nick Burch" imported > gpg: Total number processed: 13 > gpg: imported: 13 (RSA: 8) > gpg: no ultimately trusted keys found > {noformat} > 2. Verify the signature. > {noformat} > gpg --verify tika-server-1.13.jar.asc > gpg: assuming signed data in `tika-server-1.13.jar' > gpg: Signature made Mon May 9 12:34:48 2016 CDT using RSA key ID 0EB30B07 > gpg: Can't check signature: public key not found > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)