activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chet Graham <cgra...@curaspan.com>
Subject Re: BAD signature on ActiveMQ 5.3.1 unix binary download?
Date Wed, 14 Apr 2010 15:16:28 GMT

Hi Dejan,

It looks like my mistake.  My Browser corrupted the first download, and when
i went to subsequent mirrors it was renaming the downloads by appending .1,
.2, etc.  I did not notice this so each time i did the verify it was was
still looking at the first file.

I deleted the corrupted download repeated the download and now get the
correct response:

gpg --verify apache-activemq-5.3.1-bin.tar.gz.asc
gpg: Signature made Thu Mar 18 10:38:14 2010 EDT using DSA key ID 6852C7DA
gpg: Good signature from "Dejan Bosanac <dejan@nighttale.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: A526 834C C957 4F59 465A  0C88 C31A 3F70 6852 C7DA

Thanks for the quick response, and all the great work on this product.


Dejan Bosanac wrote:
> 
> Hi,
> 
> I talked too soon as the asc file I downloaded was renamed by the browser
> during the download.
> 
> I just repeated the procedure on the clean machine and everything looks
> good
> 
> dejanb@dejanb-desktop:~/downloads/test$ ll
> total 32392
> drwxr-xr-x 2 dejanb dejanb     4096 2010-04-14 16:57 .
> drwxr-xr-x 4 dejanb dejanb     4096 2010-04-14 16:57 ..
> -rw-r--r-- 1 dejanb dejanb 33100361 2010-04-14 16:57
> apache-activemq-5.3.1-bin.tar.gz
> -rw-r--r-- 1 dejanb dejanb      197 2010-04-14 16:50
> apache-activemq-5.3.1-bin.tar.gz.asc
> -rw-r--r-- 1 dejanb dejanb    14086 2010-04-14 16:50 KEYS
> dejanb@dejanb-desktop:~/downloads/test$ gpg --import KEYS
> gpg: keyring `/home/dejanb/.gnupg/secring.gpg' created
> gpg: keyring `/home/dejanb/.gnupg/pubring.gpg' created
> gpg: /home/dejanb/.gnupg/trustdb.gpg: trustdb created
> gpg: key F5BA7E4F: public key "Hiram Chirino <hiram@hiramchirino.com>"
> imported
> gpg: key 56F3E01B: public key "David Jencks (geronimo)
> <david_jencks@yahoo.com>" imported
> gpg: key 456DFEA9: public key "David M. Johnson (Dave Johnson)
> <snoopdave@apache.org>" imported
> gpg: key 17AA5B25: public key "David Johnson <snoopdave@apache.org>"
> imported
> gpg: key 69CC103E: public key "Gary Tully (key for apache releases)
> <gary.tully@gmail.com>" imported
> gpg: key 2C983957: public key "Bruce Snyder <bsnyder@apache.org>" imported
> gpg: key 6852C7DA: public key "Dejan Bosanac <dejan@nighttale.net>"
> imported
> gpg: Total number processed: 7
> gpg:               imported: 7  (RSA: 1)
> gpg: no ultimately trusted keys found
> dejanb@dejanb-desktop:~/downloads/test$ gpg --verify
> apache-activemq-5.3.1-bin.tar.gz.asc
> gpg: Signature made Thu 18 Mar 2010 03:38:14 PM CET using DSA key ID
> 6852C7DA
> gpg: Good signature from "Dejan Bosanac <dejan@nighttale.net>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: A526 834C C957 4F59 465A  0C88 C31A 3F70 6852
> C7DA
> dejanb@dejanb-desktop:~/downloads/test$
> 
> 
> I'm noticing that your archive size is not the same size as one I just
> downloaded. Can you pass the link to the mirror you were using?
> 
> Cheers
> --
> Dejan Bosanac - http://twitter.com/dejanb
> 
> Open Source Integration - http://fusesource.com/
> ActiveMQ in Action - http://www.manning.com/snyder/
> Blog - http://www.nighttale.net
> 
> 
> On Wed, Apr 14, 2010 at 4:40 PM, Dejan Bosanac <dejan@nighttale.net>
> wrote:
> 
>> Hi Chet,
>>
>> I get the same error. I'll investigate what's the problem. But I think
>> you're safe using the release in the meantime. Alternatively, you can
>> build
>> it yourself.
>>
>> Cheers
>> --
>> Dejan Bosanac - http://twitter.com/dejanb
>>
>> Open Source Integration - http://fusesource.com/
>> ActiveMQ in Action - http://www.manning.com/snyder/
>> Blog - http://www.nighttale.net
>>
>>
>> On Wed, Apr 14, 2010 at 4:32 PM, Dejan Bosanac
>> <dejan@nighttale.net>wrote:
>>
>>> Hi,
>>>
>>> let me try to verify it ... and see where the problem is.
>>>
>>> Cheers
>>> --
>>> Dejan Bosanac - http://twitter.com/dejanb
>>>
>>> Open Source Integration - http://fusesource.com/
>>> ActiveMQ in Action - http://www.manning.com/snyder/
>>> Blog - http://www.nighttale.net
>>>
>>>
>>>
>>> On Wed, Apr 14, 2010 at 4:04 PM, Chet Graham
>>> <cgraham@curaspan.com>wrote:
>>>
>>>>
>>>> I've downloaded the following from several mirrors:
>>>>
>>>> 33068436 Apr 14 09:12 apache-activemq-5.3.1-bin.tar.gz
>>>>        197 Apr 14 09:51 apache-activemq-5.3.1-bin.tar.gz.asc
>>>>     14086 Apr 14 09:24 KEYS.txt
>>>>
>>>> and performed these steps:
>>>>
>>>> gpg --import KEYS.txt
>>>> gpg: key F5BA7E4F: "Hiram Chirino <hiram@hiramchirino.com>" not changed
>>>> gpg: key 56F3E01B: "David Jencks (geronimo) <david_jencks@yahoo.com>"
>>>> not
>>>> changed
>>>> gpg: key 456DFEA9: "David M. Johnson (Dave Johnson) <
>>>> snoopdave@apache.org>"
>>>> not changed
>>>> gpg: key 17AA5B25: "David Johnson <snoopdave@apache.org>" not changed
>>>> gpg: key 69CC103E: "Gary Tully (key for apache releases)
>>>> <gary.tully@gmail.com>" not changed
>>>> gpg: key 2C983957: "Bruce Snyder <bsnyder@apache.org>" not changed
>>>> gpg: key 6852C7DA: "Dejan Bosanac <dejan@nighttale.net>" not changed
>>>> gpg: Total number processed: 7
>>>> gpg:              unchanged: 7
>>>>
>>>> gpg --verify apache-activemq-5.3.1-bin.tar.gz.asc
>>>> gpg: Signature made Thu Mar 18 10:38:14 2010 EDT using DSA key ID
>>>> 6852C7DA
>>>> gpg: BAD signature from "Dejan Bosanac <dejan@nighttale.net>"
>>>>
>>>> Anyone else hitting this issue?  I'm reluctant to proceed with
>>>> installing
>>>> this release.
>>>>
>>>> gpg --version
>>>> gpg (GnuPG) 1.4.7
>>>> Copyright (C) 2006 Free Software Foundation, Inc.
>>>> This program comes with ABSOLUTELY NO WARRANTY.
>>>> This is free software, and you are welcome to redistribute it
>>>> under certain conditions. See the file COPYING for details.
>>>>
>>>> Home: ~/.gnupg
>>>> Supported algorithms:
>>>> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
>>>> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
>>>> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
>>>> Compression: Uncompressed, ZIP, ZLIB, BZIP2
>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://old.nabble.com/BAD-signature-on-ActiveMQ-5.3.1-unix-binary-download--tp28243080p28243080.html
>>>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>>>
>>>>
>>>
>>
> 
> 
> -----
> Dejan Bosanac
> 
> Open Source Integration - http://fusesource.com/
> ActiveMQ in Action - http://www.manning.com/snyder/
> Blog - http://www.nighttale.net
> 

-- 
View this message in context: http://old.nabble.com/BAD-signature-on-ActiveMQ-5.3.1-unix-binary-download--tp28243080p28244048.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message