[Bug 1821120] Review Request: wlogout - wayland based logout menu

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

https://bugzilla.redhat.com/show_bug.cgi?id=1821120

Bob Hepple <bob.hepple@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(bob.hepple@gmail. |
                   |com)                        |



--- Comment #4 from Bob Hepple <bob.hepple@xxxxxxxxx> ---
Hi Lyes,

I've spent most of this morning studying up on the %gpgverify issue and I just
can't get it to work.

Note that AFAICS the .sig on the releases page does not refer to Source0 but to
some arbitrary tarball wlogout.tar.gz that the author uploaded:

$ ll wlogout-1.1.1.tar.gz wlogout.tar.gz
-rw-rw-r--. 1 bhepple bhepple 540189 Apr  6 14:07 wlogout-1.1.1.tar.gz
-rw-rw-r--. 1 bhepple bhepple 624640 Apr 20 11:39 wlogout.tar.gz

Having downloaded the author's public key, it does not verify that file:

$ gpgv --keyring ./gpg-key-F4FDB18A9937358364B276E9E25D679AF73C6D2F.gpg
wlogout.tar.gz.sig wlogout.tar.gz
gpgv: Signature made Sat 14 Mar 2020 15:37:44 AEST
gpgv:                using RSA key F4FDB18A9937358364B276E9E25D679AF73C6D2F
gpgv: [don't know]: invalid packet (ctb=2d)
gpgv: keydb_search failed: Invalid packet
gpgv: [don't know]: invalid packet (ctb=2d)
gpgv: keydb_search failed: Invalid packet
gpgv: Can't check signature: No public key

The wlogout.tar.gz does not actually download as a gzipped tarball but as a
plain tarball - so it's pretty suspicious!

In any case I think we want to be working with Source0 as that's a tarball
generated by github from the repo automatically.

Any ideas?


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux