[TIKA-1345] Bad signature in gpg, md5 and sha1 verification - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Not A Problem
Affects Version/s: 1.5
Fix Version/s: None
Component/s: packaging
Labels:
- gpg
- md5sum
- sha1sum

Description

Either source and jar files show the same "BAD signature warning":

$ gpg --import KEYS
gpg: key A355A63E: "Jukka Zitting <jukka@apache.org>" not changed
gpg: key B876884A: "Chris Mattmann (CODE SIGNING KEY) <mattmann@apache.org>" not changed
gpg: key 9740DD55: "David Meikle (CODE SIGNING KEY) <dmeikle@apache.org>" not changed
gpg: key AEA8C6AB: "David Meikle (CODE SIGNING KEY) <dmeikle@apache.org>" not changed
gpg: key 0EB30B07: "David Meikle (CODE SIGNING KEY) <dmeikle@apache.org>" not changed
gpg: Número total processado: 5
gpg: não modificados: 5

$ gpg --verify tika-app-1.5.jar.asc
gpg: Signature made Dom 09 Fev 2014 21:42:27 WET using RSA key ID 0EB30B07
gpg: BAD signature from "David Meikle (CODE SIGNING KEY) <dmeikle@apache.org>"

And md5sum and sha1sum show different hashes for files. I used firefox to download them and then wget to confirm it was not an issue regarding the download client.

$ md5sum tika-1.5-src.zip
649b68df4fe628ea4a83da0e71542dbf tika-1.5-src.zip
From the site: MD5: 48477b2e70e0e62ece09af7ada5037fa

$ md5sum tika-app-1.5.jar
06e48845d4f2bfcc9c1f5c395ef90790 tika-app-1.5.jar
From the site: MD5: 2124a77289efbb30e7228c0f7da63373

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Luis

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19/Jun/14 16:20

Updated:: 19/Jun/14 21:48

Resolved:: 19/Jun/14 21:48