incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcus (OOo)" <marcus.m...@wtnet.de>
Subject Re: [CHECKSUMS MAC OS] Need help to check and fix the instructions for the ASC and KEYS hashes on Mac OS
Date Tue, 09 Oct 2012 19:11:46 GMT
Am 10/09/2012 10:25 AM, schrieb Jürgen Schmidt:
> On 10/8/12 8:59 PM, Marcus (OOo) wrote:
>> Am 10/08/2012 11:05 AM, schrieb Jürgen Schmidt:
>>> On 10/5/12 9:23 PM, Marcus (OOo) wrote:
>>>> Am 10/05/2012 09:57 AM, schrieb Jürgen Schmidt:
>>>>> On 10/4/12 10:33 PM, Marcus (OOo) wrote:
>>>>>> Hi Mac fans,
>>>>>>
>>>>>> as I've no Mac at hand please can someone help me with verifing and
>>>>>> fixing the checksum instructions:
>>>>>>
>>>>>> http://www.openoffice.org/download/checksums/3.4.1_checksums.html#howto
>>>>>>
>>>>>>
>>>>>> "This is how you verify with ASC and KEYS hashes on Mac OS"
>>>>>>
>>>>>> A user has reported a problem with the following line:
>>>>>>
>>>>>> KEYID="0x`...
>>>>>>
>>>>>> (see IZ 121159 for reference)
>>>>>>
>>>>>> Thanks in advance
>>>>>
>>>>> why so complicate? I am no gpg guru but I thought it should be
>>>>> enough to
>>>>
>>>> I simply collected what I've found in the Internet.
>>>>
>>>>> 1. import the official KEYS as you have described
>>>>> 2. gpg --verify
>>>>> Apache_OpenOffice_incubating_3.4.1_MacOS_x86_install_en-GB.dmg.asc
>>>>> Apache_OpenOffice_incubating_3.4.1_MacOS_x86_install_en-GB.dmg
>>>>>
>>>>> Result if it's ok:
>>>>>
>>>>> gpg: Signature made Mon Aug 13 15:47:11 2012 CEST using RSA key ID
>>>>> ABABABAB
>>>>> gpg: Good signature from "Juergen Schmidt<XXXt@XXX.com>"
>>>>> gpg:                 aka "Juergen Schmidt<YYY@YYY.com>"
>>>>> gpg:                 aka "Juergen Schmidt<VVV@VVV.org>"
>>>>>
>>>>> Result if it's a bad signature:
>>>>>
>>>>> gpg: Signature made Mon Aug 13 15:47:11 2012 CEST using RSA key ID
>>>>> ABABABAB
>>>>> gpg: BAD signature from "Juergen Schmidt<XXX@XXX.com>"
>>>>
>>>> Interesting, at least on Linux I've to do all the steps listed in the
>>>> Linux section. So, you don't have to do this on Mac OS? A simple "gpg
>>>> --verify KEYS" is enough to get a "Good ..." or "Bad ..." result?
>>>
>>> I am not sure if I understand you here, I verified the *.asc file with
>>> the original file.
>>
>> So, the question is, how? Please be as detailed possible, I've no chance
>> to reproduce. ;-)
>>
>>> I would expect that this works on all platforms more
>>> or less in the same way.
>>
>> OK, to make it simple. The following commands do not work on Linux:
>>
>> $ wget http://www.apache.org/dist/incubator/ooo/KEYS
>> $ gpg --import KEYS
>> $ gpg --verify install_binary.tar.gz.asc install_binary.tar.gz
>>
>> Does this work on MacOS X? If not please help me to get it working.
>>
>
> the problem is that the file
> http://www.apache.org/dist/incubator/ooo/KEYS contains only 2 keys,
> Rob's and my key.

oh right, this cannot work on Linux as these builds are not from you or 
Rob but from Ariel.

> Please try it with https://people.apache.org/keys/group/ooo.asc
>
> The ooo.asc file will updated automatically via id.apache.org if people
> maintain their data there as far as I know

Great. Now I get the "Good signature ..." result also on Linux.

Thanks a lot Jürgen. :-)

Marcus

Mime
View raw message