On Fri, 03 Jun 2022 21:36:16 +0200 Luca Saiu via Replicant <replicant@osuosl.org> wrote: > First problem: missing recovery image on the web site. [...] > So instead I tried using the image found here > > https://ftp-osl.osuosl.org/pub/replicant/images/replicant-6.0/0004-transition/images/n7100/ > which look recent, along with the other versions I had. Thanks a lot for that information. Here I'll probably fix it in a similar way (for instance by copying the transition recovery and adding a README nearby) because: - Normally the difference between the transition and the normal release are in the zip files and not in the recoveries. - The n7100.sha256 file doesn't have any trace of a 0004 recovery for n7100 either.
> Second problem: installing the new 6.0-0004 image over ADB fails as > shown here: > https://ageinghacker.net/scratch/install-failed.jpg For the record this image shows a recovery screen with the following text: > Install failed > > Now send the package you want to apply > to the device with "adb sideload <filename>"... > Finding update package... > Opening update package... > Verifying update package... > E:footer is wrong > E:signature verification failed > Installation aborted > The image looks correct, but... > [luca@moore ~/replicant/installation-backup/6.0-0004]$ gpg > --verify replicant-6.0-0004-n7100.zip.asc > replicant-6.0-0004-n7100.zip gpg: Signature made Fri 21 Jan 2022 > 12:04:48 AM CET gpg: using RSA key > 782F9DDBE36BA7F3D4DE49065F5DFCC14177E263 gpg: Good signature from > "Denis 'GNUtoo' Carikli <gnu...@cyberdimension.org>" [expired] gpg: > aka "Denis 'GNUtoo' Carikli <gnu...@no-log.org>" > [expired] gpg: aka "Denis 'GNUtoo' Carikli > <gnu...@riseup.net>" [expired] gpg: aka "Denis > 'GNUtoo' Carikli <gnu...@makefreedom.org>" [expired] gpg: Note: This > key has expired! Primary key fingerprint: FB31 DBA3 AB8D B76A 4157 > 329F 7651 568F 8037 4459 Subkey fingerprint: 782F 9DDB E36B A7F3 D4DE > 4906 5F5D FCC1 4177 E263 [...] > This might be the problem: as gpg says above, the key has since > expired. Could that be the reason why the image verification fails? > Or maybe the recovery system I am using simply lacks the correct key. Basically we use gpg for signing the zip and recovery images but Android also has its own signature system internally and both systems are completely separate. Several keys are generated during the build and Android uses that to verify the zip files, the system applications and so on. And normally the 0004 and the 0004-transition should have been built with the same key sets, so something looks really wrong here. I'll try to reproduce it and report here. Denis.
pgptwJAOuPSsm.pgp
Description: OpenPGP digital signature
_______________________________________________ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant
