First Last Prev Next    This bug is not in your last search results.
Bug 14783 - Subject: [SM-Discuss] python gpg check
: Subject: [SM-Discuss] python gpg check
Status: CLOSED FIXED
Product: Security
Classification: Unclassified
Component: Spell Issues
: unspecified
: x86 Linux
: P3 normal
Assigned To: Security
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-04 11:44 UTC by Andrew Stitt
Modified: 2008-10-05 10:35 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Stitt 2008-10-04 11:44:07 UTC 
From: Treeve Jelbert <treeve@scarlet.be>
Organization: Knowhow scrl
To: sm-discuss@lists.ibiblio.org
Date: Sat, 4 Oct 2008 09:55:19 +0200
User-Agent: KMail/1.10.1 (Linux/2.6.26; KDE/4.1.2; i686; ; )
Subject: [SM-Discuss] python gpg check

Preparing python
GPG checking source file Python-2.6.tar.bz2...
gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
gpg: Signature made Thu Oct  2 19:05:34 2008 CEST using DSA key ID EA5BBD71
gpg: BAD signature from "Barry A. Warsaw <barry@warsaw.us>"
gpg: binary signature, digest algorithm SHA1
Failure to verify gpg signature

--
Regards, Treeve
_______________________________________________
SM-Discuss mailing list
SM-Discuss@lists.ibiblio.org
http://lists.ibiblio.org/mailman/listinfo/sm-discuss
Comment 1 Elisamuel Resto 2008-10-04 11:58:24 UTC 
Can't reproduce. Used downloaded sources (right after the commit of 2.6 to the grimoires) and re-downloaded ones.

gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
gpg: assuming signed data in `Python-2.6.tar.bz2'
gpg: Signature made Thu 02 Oct 2008 01:05:34 PM AST using DSA key ID EA5BBD71
gpg: Good signature from "Barry A. Warsaw <barry@warsaw.us>"
gpg:                 aka "Barry A. Warsaw <barry@wooz.org>"
gpg:                 aka "Barry A. Warsaw <barry@python.org>"
gpg:                 aka "Barry A. Warsaw <barry@canonical.com>"
gpg:                 aka "Barry Warsaw (GNU Mailman) <barry@list.org>"
gpg:                 aka "Barry A. Warsaw <barry.warsaw@canonical.com>"
gpg: binary signature, digest algorithm SHA1
Comment 2 Andrew Stitt 2008-10-04 11:59:19 UTC 
its ok for me

root@sourcemage-chroot:/var/lib/sorcery/codex/grimoire# delve PRE_BUILD python
DEBUG:  PRE_BUILD
Running state PRE_BUILD
Building python 
GPG checking source file Python-2.6.tar.bz2...
Algorithm used: sha1
Allowing new hashsha1
Checking spell level UPSTREAM_KEY
Spell level is a new allowed level
gpg signature verified!
Unpacking source file Python-2.6.tar.bz2 for spell python.
root@sourcemage-chroot:/var/lib/sorcery/codex/grimoire# sha512sum /var/spool/sorcery/Python-2.6.tar.bz2*
2e2ebddbcf3477e3447e07c7f38561a3a615c1f837d9b2174e54083822273c198c4c4801041d612e68546277d8e84c79392394a1f30895cba2ac489883eab7db  /var/spool/sorcery/Python-2.6.tar.bz2
6425374572dc120fec26f4a6b28f19ecc1b6f879f5261e1336b1aab2ba89335c519f67ac2b9654ed1dad56ad6fe22a4bdb43d808353230ff2a61144bc0780b09  /var/spool/sorcery/Python-2.6.tar.bz2.asc

this is with git grimoire branch master at df133bfd019fbbd32eb4542c8d7f28165c16fbe3
Comment 3 Treeve Jelbert 2008-10-04 12:26:31 UTC 
In that case it seems to be a problem with my gpg setup?



treeve@Gemini-32:~/smgl/git/grimoire/devel/python$ gpg --verify --keyring ./python.gpg /var/spool/sorcery/Python-2.6.tar.bz2.asc
gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
gpg: assuming signed data in `/var/spool/sorcery/Python-2.6.tar.bz2'
gpg: Signature made Thu 02 Oct 2008 19:05:34 CEST using DSA key ID EA5BBD71
gpg: using PGP trust model
gpg: BAD signature from "Barry A. Warsaw <barry@warsaw.us>"
gpg: binary signature, digest algorithm SHA1
Comment 4 Treeve Jelbert 2008-10-04 14:46:24 UTC 
I fetched the python tarball again, and now the gpg is ok

$ gpg --verify --keyring ./python.gpg /var/spool/sorcery/Python-2.6.tar.bz2.asc
gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
gpg: assuming signed data in `/var/spool/sorcery/Python-2.6.tar.bz2'
gpg: Signature made Thu 02 Oct 2008 19:05:34 CEST using DSA key ID EA5BBD71
gpg: using PGP trust model
gpg: Good signature from "Barry A. Warsaw <barry@warsaw.us>"
gpg:                 aka "Barry A. Warsaw <barry@wooz.org>"
gpg:                 aka "Barry A. Warsaw <barry@python.org>"
gpg:                 aka "Barry A. Warsaw <barry@canonical.com>"
gpg:                 aka "Barry Warsaw (GNU Mailman) <barry@list.org>"
gpg:                 aka "Barry A. Warsaw <barry.warsaw@canonical.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: DBBF 2EEB F925 FAAD CF1F  3FFF D986 6941 EA5B BD71
gpg: binary signature, digest algorithm SHA1
First Last Prev Next    This bug is not in your last search results.