BTS

Issue1327

Issues
Show Unassigned
Show Release Stoppers
Show Testing candidates
Show All
Search

Login




Register
Lost your login?

Help
Roundup docs

Title Typo/error in grml96-full_2014.11.iso.sha1.asc
Priority bug Status resolved
Superseder Nosy List aheinlein
Assigned To Topics

Created on 2014-11-18.09:04:59 by aheinlein, last changed 2014-11-18.11:27:43 by mika.

Messages
msg4877 (view) Author: mika Date: 2014-11-18.11:04:03 
* Andreas Heinlein wrote in grml's BTS on 20141118 / 11:08:

> the file itself verifies OK. What confused me is that I somehow thought
> that the line
> "Hash: SHA256" were to indicate that the following line contains the
> SHA256SUM of grml96-full_2014.11.iso, while it actually contains the
> SHA1SUM. But after reading it a second time, I guess this is actually a
> hint from gpg which hash sum was used for the signature.

Ahhh, now I see what you mean, this is indeed confusing. :)

> Sorry about that.

No problem at all, better safe than sorry. Thanks for taking care!

regards,
-mika-
msg4876 (view) Author: aheinlein Date: 2014-11-18.10:08:46 
Hello,

the file itself verifies OK. What confused me is that I somehow thought
that the line
"Hash: SHA256" were to indicate that the following line contains the
SHA256SUM of grml96-full_2014.11.iso, while it actually contains the
SHA1SUM. But after reading it a second time, I guess this is actually a
hint from gpg which hash sum was used for the signature.

Sorry about that.

Andreas

Am 18.11.2014 um 11:02 schrieb Michael Prokop:
> Michael Prokop <mika@grml.org> added the comment:
>
> * Andreas Heinlein wrote in grml's BTS on 20141118 / 10:05:
>
>> The file containing the checksum and signature for
>> grml96-full_2014.11.iso reads:
>> ea7204ed77fa3df3a4ed68e3b8e2ad6f95d5242d  grml96-full_2014.11.iso
> I'm not sure what you mean,
> http://ftp-master.grml.org/grml96-full_2014.11.iso.sha1.asc
> looks just fine to me.
>
> | % gpg --verify grml96-full_2014.11.iso.sha1.asc
> | gpg: Signature made Sat Nov 15 11:28:24 2014 CET using RSA key ID B7EA3737
> | gpg: Good signature from [...]
>
> Notice that it is signed by my new key B7EA3737 (and no longer with 37E272E8).
>
> regards,
> -mika-
>
> ----------
> status: unread -> chatting
>
> _____________________________________
> GRML issue tracker <bts@bts.grml.org>
> <http://bts.grml.org/grml/issue1327>
> _____________________________________
msg4875 (view) Author: mika Date: 2014-11-18.10:02:43 
* Andreas Heinlein wrote in grml's BTS on 20141118 / 10:05:

> The file containing the checksum and signature for
> grml96-full_2014.11.iso reads:

> ea7204ed77fa3df3a4ed68e3b8e2ad6f95d5242d  grml96-full_2014.11.iso

I'm not sure what you mean,
http://ftp-master.grml.org/grml96-full_2014.11.iso.sha1.asc
looks just fine to me.

| % gpg --verify grml96-full_2014.11.iso.sha1.asc
| gpg: Signature made Sat Nov 15 11:28:24 2014 CET using RSA key ID B7EA3737
| gpg: Good signature from [...]

Notice that it is signed by my new key B7EA3737 (and no longer with 37E272E8).

regards,
-mika-
msg4874 (view) Author: aheinlein Date: 2014-11-18.09:04:59 
The file containing the checksum and signature for
grml96-full_2014.11.iso reads:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ea7204ed77fa3df3a4ed68e3b8e2ad6f95d5242d  grml96-full_2014.11.iso
-----BEGIN PGP SIGNATURE-----
...

The second line is wrong, as this is actually a SHA1 hash. Not a big
thing, but confused me a little. Don't know if the other checksum files
contain the same error.
History
Date User Action Args
2014-11-18 11:27:43mikasetstatus: chatting -> resolved
priority: bug
2014-11-18 11:04:03mikasetmessages: + msg4877
2014-11-18 10:08:46aheinleinsetmessages: + msg4876
2014-11-18 10:02:44mikasetstatus: unread -> chatting
messages: + msg4875
2014-11-18 09:04:59aheinleincreate