> Am 02.11.2021 um 09:24 schrieb Ruediger Pluem <rpl...@apache.org>:
> 
> I tried to fix the below with r1894662:
> 
> Index: r3-push-release-tars.sh
> ===================================================================
> --- r3-push-release-tars.sh   (revision 1894661)
> +++ r3-push-release-tars.sh   (working copy)
> @@ -86,6 +86,11 @@
>     dest=`echo $file | sed -e "s/${FULL_VERSION}/${VERSION}/"`
>     svn mv "$file" "$dest"
>   done
> +  # fix the filenames in the hash files (PR65665)
> +  echo "fixing ${FULL_VERSION} filename to ${VERSION} in hash files"
> +  for file in 
> "${AO_DIST_RELEASE_PATH}/${PROJECT}-${FULL_VERSION}".tar.*.sha*  do
> +    perl -pe "s/${FULL_VERSION}/${VERSION}/" -i $file
> +  done
> fi
> svn mv "${AO_DIST_DEV_PATH}/CHANGES_${VERSION}" "${AO_DIST_RELEASE_PATH}"


I think the files have already been renamed at that point, so it should be
> +  for file in "${AO_DIST_RELEASE_PATH}/${PROJECT}-${VERSION}".tar.*.sha*  do
> +    perl -pe "s/${FULL_VERSION}/${VERSION}/" -i $file
> +  done


(and we should also no more generated the .md5, I assume). Maybe no even the 
.sha1.

I'll do the changes and update apache dist.

Kind Regards,
Stefan


> 
> Any comments?
> 
> Regards
> 
> RĂ¼diger
> 
> -------- Forwarded Message --------
> Subject: [Bug 65665] New: signature file for source tarball has incorrect 
> file name in it
> Date: Fri, 29 Oct 2021 18:21:55 +0000
> From: bugzi...@apache.org
> Reply-To: Apache HTTPD Bugs Notification List <b...@httpd.apache.org>
> To: b...@httpd.apache.org
> 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=65665
> 
>            Bug ID: 65665
>           Summary: signature file for source tarball has incorrect file
>                    name in it
>           Product: Apache httpd-2
>           Version: 2.4.51
>          Hardware: All
>                OS: All
>            Status: NEW
>          Severity: normal
>          Priority: P2
>         Component: Build
>          Assignee: b...@httpd.apache.org
>          Reporter: mehul.sang...@gmail.com
>  Target Milestone: ---
> 
> When trying to use `sha256sum --check` to verify the tar.gz I get the
> following:
> 
> % sha256sum --check httpd-2.4.51.tar.gz.sha256
> sha256sum: httpd-2.4.51-rc1.tar.gz: No such file or directory
> httpd-2.4.51-rc1.tar.gz: FAILED open or read
> sha256sum: WARNING: 1 listed file could not be read
> 
> % cat httpd-2.4.51.tar.gz.sha256
> c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4
> *httpd-2.4.51-rc1.tar.gz
> 
> As can be seen, the filename listed in the signature file is wrong.
> 
> If anyone is doing automated signature verification, that is going to fail for
> no reason as the signature is correct, only the filename is wrong.
> 
> This is also true for the tar.bz2 signature.
> 
> 
> 
> 
> 

Reply via email to