I tried to fix the below with r1894662:
Index: r3-push-release-tars.sh
===================================================================
--- r3-push-release-tars.sh (revision 1894661)
+++ r3-push-release-tars.sh (working copy)
@@ -86,6 +86,11 @@
dest=`echo $file | sed -e "s/${FULL_VERSION}/${VERSION}/"`
svn mv "$file" "$dest"
done
+ # fix the filenames in the hash files (PR65665)
+ echo "fixing ${FULL_VERSION} filename to ${VERSION} in hash files"
+ for file in "${AO_DIST_RELEASE_PATH}/${PROJECT}-${FULL_VERSION}".tar.*.sha*
do
+ perl -pe "s/${FULL_VERSION}/${VERSION}/" -i $file
+ done
fi
svn mv "${AO_DIST_DEV_PATH}/CHANGES_${VERSION}" "${AO_DIST_RELEASE_PATH}"/
Any comments?
Regards
RĂ¼diger
-------- Forwarded Message --------
Subject: [Bug 65665] New: signature file for source tarball has incorrect file
name in it
Date: Fri, 29 Oct 2021 18:21:55 +0000
From: bugzi...@apache.org
Reply-To: Apache HTTPD Bugs Notification List <b...@httpd.apache.org>
To: b...@httpd.apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=65665
Bug ID: 65665
Summary: signature file for source tarball has incorrect file
name in it
Product: Apache httpd-2
Version: 2.4.51
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Build
Assignee: b...@httpd.apache.org
Reporter: mehul.sang...@gmail.com
Target Milestone: ---
When trying to use `sha256sum --check` to verify the tar.gz I get the
following:
% sha256sum --check httpd-2.4.51.tar.gz.sha256
sha256sum: httpd-2.4.51-rc1.tar.gz: No such file or directory
httpd-2.4.51-rc1.tar.gz: FAILED open or read
sha256sum: WARNING: 1 listed file could not be read
% cat httpd-2.4.51.tar.gz.sha256
c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4
*httpd-2.4.51-rc1.tar.gz
As can be seen, the filename listed in the signature file is wrong.
If anyone is doing automated signature verification, that is going to fail for
no reason as the signature is correct, only the filename is wrong.
This is also true for the tar.bz2 signature.
