Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 917582 - app-text/calibre-7.0.0: Fetched file: calibre-7.0.0.tar.xz.sig VERIFY FAILED!
Summary: app-text/calibre-7.0.0: Fetched file: calibre-7.0.0.tar.xz.sig VERIFY FAILED!
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Zac Medico
URL:
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2023-11-19 06:44 UTC by Michał Górny
Modified: 2023-11-19 16:18 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
original .sig (calibre-7.0.0.tar.xz.sig,566 bytes, application/pgp-signature)
2023-11-19 07:10 UTC, Eli Schwartz 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-11-19 06:44:37 UTC 
>>> Downloading 'https://calibre-ebook.com/signatures/calibre-7.0.0.tar.xz.sig'
--2023-11-19 07:42:53--  https://calibre-ebook.com/signatures/calibre-7.0.0.tar.xz.sig
Resolving calibre-ebook.com (calibre-ebook.com)... 166.78.105.155, 2001:4801:7817:72:be76:4eff:fe10:f43a
Connecting to calibre-ebook.com (calibre-ebook.com)|166.78.105.155|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 566 [application/pgp-signature]
Saving to: ‘/tmp/dist/calibre-7.0.0.tar.xz.sig.__download__’

     0K                                    100% 27,7M=0s

2023-11-19 07:42:53 (27,7 MB/s) - ‘/tmp/dist/calibre-7.0.0.tar.xz.sig.__download__’ saved [566/566]

!!! Fetched file: calibre-7.0.0.tar.xz.sig VERIFY FAILED!
!!! Reason: Failed on BLAKE2B verification
!!! Got:      5ad0d2b83e37a4ea7511253437fde9dafcc54b061d2597bebd4e18eb1471c724ae7fad760cf0c5e1b213d49beb9eb1a1f61aea556b3fc17eb13e5374563606c6
!!! Expected: 72c18e259d84ea8fedc860da84de1306a0f02f13f5b80b5ed3638926a52f6746e1979bc350f4b6b3de753ff29ee6fa6cd417d2fac7f8418641e45acc17f3c826
Comment 1 Eli Schwartz gentoo-dev 2023-11-19 07:10:17 UTC 
Created attachment 875165 [details]
original .sig

Intriguing: https://bugs.launchpad.net/calibre/+bug/2043914

To demonstrate I'm not losing my mind, here's the file I originally downloaded.
Comment 2 Larry the Git Cow gentoo-dev 2023-11-19 16:18:58 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=219147e851dc1f9b2342bac867cb0b909bf66ea3

commit 219147e851dc1f9b2342bac867cb0b909bf66ea3
Author:     Eli Schwartz <eschwartz93@gmail.com>
AuthorDate: 2023-11-19 15:42:45 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2023-11-19 16:09:18 +0000

    app-text/calibre: update Manifest with updated checksum for PGP sig
    
    While the calibre 7.0.0 release was uploading there was a transient
    network failure, and re-launching the upload apparently resulted in the
    upload script recreating the signature file. The source tarball itself
    is unchanged.
    
    See https://bugs.launchpad.net/bugs/2043914
    
    Closes: https://bugs.gentoo.org/917582
    Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/33907
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 app-text/calibre/Manifest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)