Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 917582

Summary: app-text/calibre-7.0.0: Fetched file: calibre-7.0.0.tar.xz.sig VERIFY FAILED!
Product: Gentoo Linux Reporter: Michał Górny <mgorny>
Component: Current packagesAssignee: Zac Medico <zmedico>
Status: RESOLVED FIXED    
Severity: normal CC: eschwartz, zeekec
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://launchpad.net/bugs/2043914
https://github.com/gentoo/gentoo/pull/33907
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: original .sig

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-11-19 06:44:37 UTC 
>>> Downloading 'https://calibre-ebook.com/signatures/calibre-7.0.0.tar.xz.sig'
--2023-11-19 07:42:53--  https://calibre-ebook.com/signatures/calibre-7.0.0.tar.xz.sig
Resolving calibre-ebook.com (calibre-ebook.com)... 166.78.105.155, 2001:4801:7817:72:be76:4eff:fe10:f43a
Connecting to calibre-ebook.com (calibre-ebook.com)|166.78.105.155|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 566 [application/pgp-signature]
Saving to: ‘/tmp/dist/calibre-7.0.0.tar.xz.sig.__download__’

     0K                                    100% 27,7M=0s

2023-11-19 07:42:53 (27,7 MB/s) - ‘/tmp/dist/calibre-7.0.0.tar.xz.sig.__download__’ saved [566/566]

!!! Fetched file: calibre-7.0.0.tar.xz.sig VERIFY FAILED!
!!! Reason: Failed on BLAKE2B verification
!!! Got:      5ad0d2b83e37a4ea7511253437fde9dafcc54b061d2597bebd4e18eb1471c724ae7fad760cf0c5e1b213d49beb9eb1a1f61aea556b3fc17eb13e5374563606c6
!!! Expected: 72c18e259d84ea8fedc860da84de1306a0f02f13f5b80b5ed3638926a52f6746e1979bc350f4b6b3de753ff29ee6fa6cd417d2fac7f8418641e45acc17f3c826
Comment 1 Eli Schwartz gentoo-dev 2023-11-19 07:10:17 UTC 
Created attachment 875165 [details]
original .sig

Intriguing: https://bugs.launchpad.net/calibre/+bug/2043914

To demonstrate I'm not losing my mind, here's the file I originally downloaded.
Comment 2 Larry the Git Cow gentoo-dev 2023-11-19 16:18:58 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=219147e851dc1f9b2342bac867cb0b909bf66ea3

commit 219147e851dc1f9b2342bac867cb0b909bf66ea3
Author:     Eli Schwartz <eschwartz93@gmail.com>
AuthorDate: 2023-11-19 15:42:45 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2023-11-19 16:09:18 +0000

    app-text/calibre: update Manifest with updated checksum for PGP sig
    
    While the calibre 7.0.0 release was uploading there was a transient
    network failure, and re-launching the upload apparently resulted in the
    upload script recreating the signature file. The source tarball itself
    is unchanged.
    
    See https://bugs.launchpad.net/bugs/2043914
    
    Closes: https://bugs.gentoo.org/917582
    Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/33907
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 app-text/calibre/Manifest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)