Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mismatched sha256sum #171

Open
ripesensor opened this issue Apr 15, 2020 · 1 comment
Open

mismatched sha256sum #171

ripesensor opened this issue Apr 15, 2020 · 1 comment

Comments

@ripesensor
Copy link

ripesensor commented Apr 15, 2020

Downloaded from https://bucardo.org/downloads/check_postgres.tar.gz, unpacked and ran cpansign -v:

$ cpansign -v
Executing gpg --verify --batch --no-tty --keyserver=hkp://pool.sks-keyservers.net:11371 --keyserver-options=auto-key-retrieve /tmp/ctig7zv6q7
gpg: Signature made Mon 03 Feb 2020 07:53:15 PM EST
gpg:                using DSA key BC9B906714964AC8
gpg: Good signature from "Greg Sabino Mullane <[email protected]>" [unknown]
gpg:                 aka "Greg Sabino Mullane (End Point Corporation) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2529 DF6A B8F7 9407 E944  45B4 BC9B 9067 1496 4AC8
--- SIGNATURE	2020-02-03 19:53:48.000000000 -0500
+++ -	2020-04-15 16:29:11.680333873 -0400
@@ -24,7 +24,7 @@
 SHA256 074851520b04909ab15f3e64015ba19be8791124c9927a34c58e28a194092a35 README.md
 SHA256 b32a224f3752f4a608dc6959d614626a2bc054daa7c086dae77af727e19623d6 TODO
 SHA256 bde647425d1ead756b47170f378876af9c52a694801199a581571095136c3cb0 check_postgres.pl
-SHA256 23920745377364d3e175b4dacece36495072b24fedace08bed83f2efc03f61d4 check_postgres.pl.asc
+SHA256 ac7a9d82adc2388a8ed1428be077f19e07a7c52b6ba959906e8f14a0c893ce93 check_postgres.pl.asc
 SHA256 f980b970e772001084e308294574dce800dcb6cfd2c74b689b55810e1b44fab1 check_postgres.pl.html
 SHA256 ac0bf76395788f0f80acb21cd44c9fe642f81ef9398367cd2daf0cd498875f64 perlcriticrc
 SHA256 9fcca73430b5197ebda1034292297e22b22f1a2d0bbc560f69c5881893c79da8 t/00_basic.t
==> MISMATCHED content between SIGNATURE and distribution files! <==
sha256sum: 11b52f86c44d6cc26e9a4129e67c2589071dbe1b8ac1f8895761517491c6e44b  check_postgres.tar.gz
@jonjensen
Copy link
Member

I confirm this problem. I get the same result.

@turnstep I looked over your README.dev instructions and it seems its order of running make signature_asc and then make signature would work, yet somehow the signature in that particular release tarball was wrong.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants