
This queue is for tickets about the App-MusicTools CPAN distribution.

Report information
The Basics
Id: 95155
Status: resolved
Priority: 0/
Queue: App-MusicTools

People
Owner: jeremy.mates [...] gmail.com
Requestors: ANDK [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 1.12
Fixed in: (no value)



Subject: Invalid signature
cpansign -v
Executing gpg --verify --batch --no-tty --keyserver=hkp://pool.sks-keyservers.net:11371 --keyserver-options=auto-key-retrieve SIGNATURE
gpg: Signature made Tue 08 Apr 2014 11:19:54 PM CEST using RSA key ID B04EE094
gpg: Good signature from "Jeremy Mates <jmates@cpan.org>"
gpg: aka "Jeremy Mates <jeremy.mates@gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F285 7A01 1CB6 4476 938A 0FC4 34C4 556A B04E E094
--- SIGNATURE Tue Apr 8 23:19:58 2014 +++ (current) Tue Apr 29 03:44:10 2014 @@ -1,6 +1,8 @@ SHA1 5af545c218bf29dd2f3c9202e292c2116254d035 Changes SHA1 846252ea9428ead5a9f387bcd843958f5759609c LICENSE -SHA1 ba4997e01dfb0d06af2ea19b522e897ee345fe6e MANIFEST +SHA1 743bfbc9814faa5e54880ab84741410241df1641 MANIFEST +SHA1 ccc523b26c85c9c1f3be7a536ba84f553e76c9ee META.json +SHA1 d6ca194d4c5d41beada8665551924eb152eeaec6 META.yml SHA1 41a374089ecff734a6fccd3b202bdaaa51a5a762 Makefile.PL SHA1 170894ba424238d52a4a657e3f04f0f2118fd934 README SHA1 9ac889d9c038a1f60967d1f213cabd9defcf4ec3 atonal-util
==> MISMATCHED content between SIGNATURE and distribution files! <==
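Review bot: in the @@ -1,6 +1,8 @@ hunk the signed listing (the --- side) has no entries for META.json and META.yml and records a different SHA1 for MANIFEST than the file in the distribution (the +++ side), so the shipped file set is not the one that was signed. Generate SIGNATURE as the last packaging step, once META.json and META.yml exist and MANIFEST lists them, and run cpansign -v on the unpacked tarball before uploading.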
Damned if I do, damned if I don't la la la

▍ osm App-MusicTools-1.13.tar.gz
▍ cd App-MusicTools-1.13/
▍ cpansign -v
Executing gpg --verify --batch --no-tty --keyserver=hkp://pool.sks-keyservers.net:11371 --keyserver-options=auto-key-retrieve SIGNATURE
gpg: Signature made Wed Apr 30 18:28:48 2014 UTC using RSA key ID B04EE094
gpg: Good signature from "Jeremy Mates <jmates@cpan.org>"
gpg: aka "Jeremy Mates <jeremy.mates@gmail.com>"
==> Signature verified OK! <==
▍
CC: ANDK [...] cpan.org
Subject: Re: [rt.cpan.org #95155] Invalid signature
Date: Thu, 01 May 2014 07:27:15 +0200
To: bug-App-MusicTools [...] rt.cpan.org
From: Andreas Koenig <andreas.koenig.7os6VVqR [...] franz.ak.mind.de>
thanks! I'm still stuck:

(optional) JMATES/Music-AtonalUtil-1.07.tar.gz: signature_verify NO
JMATES/Music-Chord-Positions-0.63.tar.gz : signature_verify NO

Apologies for not opening new tickets -- let me know if you prefer that I open new ones.

Thanks again && Regards,
--
andreas
Subject: Re: [rt.cpan.org #95155] Invalid signature
Date: Thu, 1 May 2014 15:09:30 +0000
To: "(Andreas J. Koenig) via RT" <bug-App-MusicTools [...] rt.cpan.org>
From: Jeremy Mates <jeremy.mates [...] gmail.com>
* (Andreas J. Koenig) via RT <bug-App-MusicTools@rt.cpan.org>
> (optional) JMATES/Music-AtonalUtil-1.07.tar.gz: signature_verify NO
> JMATES/Music-Chord-Positions-0.63.tar.gz : signature_verify NO
Darn. Hmm, cpanm isn't verifying, or something, doot dee doo
That's why I include a 00-signature.t that verifies during 'make disttest' which is part of 'make release' or so. 00-signature.t never fails but makes enough noise for me to notice. So it doesn't prevent installation ever but reduces the chance that I make mistakes on the signature just in time of the release.
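
A release-time check in the spirit of the 00-signature.t described above, as an added example that is not part of the ticket or of Module::Signature: it compares the digest lines of a SIGNATURE listing with the files actually present and reports what changed or was added after signing, the situation shown in the first message. It checks digests only (not the PGP signature) and walks the directory instead of reading MANIFEST; the function names and the demo files are constructed for illustration.

```python
import hashlib, os, re, tempfile

# Assumption: digest lines look like the ones in the ticket, "SHA1 <hex> <path>"
ENTRY = re.compile(r"^(SHA1|SHA256) ([0-9a-f]+) (.+)$")

def parse_listing(text):
    """Map path -> (hashlib algorithm name, hex digest) for each digest line."""
    return {m.group(3): (m.group(1).lower(), m.group(2))
            for m in map(ENTRY.match, text.splitlines()) if m}

def digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def compare(dist_dir, listing_text):
    """Sort paths into changed / unsigned (shipped, not listed) / missing (listed, not shipped)."""
    signed = parse_listing(listing_text)
    shipped = {os.path.relpath(os.path.join(root, n), dist_dir).replace(os.sep, "/")
               for root, _dirs, files in os.walk(dist_dir) for n in files} - {"SIGNATURE"}
    report = {"changed": [], "unsigned": [], "missing": []}
    for rel in sorted(shipped | set(signed)):
        if rel not in signed:
            report["unsigned"].append(rel)
        elif rel not in shipped:
            report["missing"].append(rel)
        elif digest(os.path.join(dist_dir, rel), signed[rel][0]) != signed[rel][1]:
            report["changed"].append(rel)
    return report

def demo():
    """Constructed case: build the listing first, then add META files and extend MANIFEST."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            with open(os.path.join(d, name), "w") as fh:
                fh.write(data)
        write("Changes", "1.12 fixes\n")
        write("MANIFEST", "Changes\nMANIFEST\n")
        listing = "".join("SHA1 %s %s\n" % (digest(os.path.join(d, n), "sha1"), n)
                          for n in ("Changes", "MANIFEST"))
        write("META.json", "{}\n")
        write("META.yml", "--- {}\n")
        write("MANIFEST", "Changes\nMANIFEST\nMETA.json\nMETA.yml\n")
        return compare(d, listing)

if __name__ == "__main__":
    print(demo())
```

Run against an unpacked tarball, a non-empty "changed" or "unsigned" list means SIGNATURE was produced before the file set was final.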

