>>> Emerging (1 of 1) net-vpn/tor-0.4.6.10::gentoo * tor-0.4.6.10.tar.gz BLAKE2B SHA512 size ;-) ... [ ok ] * tor-0.4.6.10.tar.gz.sha256sum BLAKE2B SHA512 size ;-) ... [ ok ] * tor-0.4.6.10.tar.gz.sha256sum.asc BLAKE2B SHA512 size ;-) ... [ ok ] >>> Unpacking source... * The following distfiles lack detached signatures: * tor-0.4.6.10.tar.gz * ERROR: net-vpn/tor-0.4.6.10::gentoo failed (unpack phase): * Unsigned distfiles found * * Call stack: * ebuild.sh, line 127: Called src_unpack * environment, line 2604: Called verify-sig_src_unpack * environment, line 3640: Called die * The specific snippet of code: * die "Unsigned distfiles found";
Needs an eclass change due to a change in how the sigs are done, I think. blueness was looking at it but I think mgorny is too (instead?): https://github.com/gentoo/gentoo/pull/24180. Also: [00:10] <sam_> mgorny: blueness: see https://forum.torproject.net/t/release-0-4-5-12-and-0-4-6-10/2024/4 for discussion on PGP key [00:10] <sam_> I did see some dsicussion of someone new doing release about a month ago too
For the record, I think it looks extremely unprofessional of us to do a bump with failing signature verification. It basically tells our users "they didn't verify it" (even if that's not true).
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70c0ad68b27a716ca291f63604a56b227d87ade0 commit 70c0ad68b27a716ca291f63604a56b227d87ade0 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2022-02-13 15:22:19 +0000 Commit: Anthony G. Basile <blueness@gentoo.org> CommitDate: 2022-02-16 19:19:31 +0000 net-vpn/tor: Fix checksum + signature verification Closes: https://bugs.gentoo.org/833303 Signed-off-by: Michał Górny <mgorny@gentoo.org> Signed-off-by: Anthony G. Basile <blueness@gentoo.org> net-vpn/tor/Manifest | 4 ++-- net-vpn/tor/tor-0.4.6.10.ebuild | 14 +++++++++++++- 2 files changed, 15 insertions(+), 3 deletions(-)