> Am 02.11.2021 um 09:24 schrieb Ruediger Pluem <rpl...@apache.org>:
>
> I tried to fix the below with r1894662:
>
> Index: r3-push-release-tars.sh
> ===================================================================
> --- r3-push-release-tars.sh (revision 1894661)
> +++ r3-push-release-tars.sh (working copy)
> @@ -86,6 +86,11 @@
> dest=`echo $file | sed -e "s/${FULL_VERSION}/${VERSION}/"`
> svn mv "$file" "$dest"
> done
> + # fix the filenames in the hash files (PR65665)
> + echo "fixing ${FULL_VERSION} filename to ${VERSION} in hash files"
> + for file in
> "${AO_DIST_RELEASE_PATH}/${PROJECT}-${FULL_VERSION}".tar.*.sha* do
> + perl -pe "s/${FULL_VERSION}/${VERSION}/" -i $file
> + done
> fi
> svn mv "${AO_DIST_DEV_PATH}/CHANGES_${VERSION}" "${AO_DIST_RELEASE_PATH}"
I think the files have already been renamed at that point, so it should be
> + for file in "${AO_DIST_RELEASE_PATH}/${PROJECT}-${VERSION}".tar.*.sha* do
> + perl -pe "s/${FULL_VERSION}/${VERSION}/" -i $file
> + done
(and we should also no more generated the .md5, I assume). Maybe no even the
.sha1.
I'll do the changes and update apache dist.
Kind Regards,
Stefan
>
> Any comments?
>
> Regards
>
> RĂ¼diger
>
> -------- Forwarded Message --------
> Subject: [Bug 65665] New: signature file for source tarball has incorrect
> file name in it
> Date: Fri, 29 Oct 2021 18:21:55 +0000
> From: bugzi...@apache.org
> Reply-To: Apache HTTPD Bugs Notification List <b...@httpd.apache.org>
> To: b...@httpd.apache.org
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=65665
>
> Bug ID: 65665
> Summary: signature file for source tarball has incorrect file
> name in it
> Product: Apache httpd-2
> Version: 2.4.51
> Hardware: All
> OS: All
> Status: NEW
> Severity: normal
> Priority: P2
> Component: Build
> Assignee: b...@httpd.apache.org
> Reporter: mehul.sang...@gmail.com
> Target Milestone: ---
>
> When trying to use `sha256sum --check` to verify the tar.gz I get the
> following:
>
> % sha256sum --check httpd-2.4.51.tar.gz.sha256
> sha256sum: httpd-2.4.51-rc1.tar.gz: No such file or directory
> httpd-2.4.51-rc1.tar.gz: FAILED open or read
> sha256sum: WARNING: 1 listed file could not be read
>
> % cat httpd-2.4.51.tar.gz.sha256
> c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4
> *httpd-2.4.51-rc1.tar.gz
>
> As can be seen, the filename listed in the signature file is wrong.
>
> If anyone is doing automated signature verification, that is going to fail for
> no reason as the signature is correct, only the filename is wrong.
>
> This is also true for the tar.bz2 signature.
>
>
>
>
>