I already sent this message, but it's 110k altogether, and it's awaiting: > Your mail to 'Dng' with the subject > > BAD sig with Devuan Jessie 1.0.0-RC > > Is being held until the list moderator can review it for approval. > > The reason it is being held: > > Message body is too big: 117413 bytes with a limit of 40 KB > > Either the message will get posted to the list, or you will receive > notification of the moderator's decision. If you would like to cancel
which is fine. But I'm eager to install (been on VMs so far...) for real next, and can't do that if I keep getting BAD sig... And also, well for also see below... Because I'm removing the network trace, which is 83k, and makes the mail 110k (because of base64). The rest is the same as in previous email which is awaiting moderation. --- I'm not inventing. But neither denying it might potentially be an issue with my system, such as with my GnuPg or other, nor that it might be a problem deriving, made on the network through which I downloaded the: devuan_jessie_1.0.0-RC_amd64_DVD.iso ( $ wget \ https://files.devuan.org/devuan_jessie_rc/installer-iso/devuan_jessie_1.0.0-RC_amd64_DVD.iso ) But let's get the possibility that the hash and sig files that I also downloaded from: https://files.devuan.org/devuan_jessie_rc/installer-iso/ are to blame. The shortest is the network trace upon getting the BAD signature upon verification, attached (minimal anonymization of just the MACs with done on it as per my script dump_perl_repl.sh avalable at https://github.com/miroR/uncenz ): dump_170423_1642_g0n.pcap which is all in cleartext (no SSL), because I redownloaded wget http://devuan.c3l.lu/devuan_jessie_rc/installer-iso/SHA256SUMS.asc and wget http://devuan.c3l.lu/devuan_jessie_rc/installer-iso/SHA256SUMS and I got the same hash as sig as before. That don't lie. Fullstop. For that reason I'm rushing a little to send this (I'm not a wizard to fake network conversation, so it should be taken as truth that I got those a quarter of an hour ago, pls. allow later errata), but here's more of actual pastes from my terminals: $ gpg --verify SHA256SUMS.asc SHA256SUMS gpg: Signature made Sat 22 Apr 2017 09:44:23 CEST gpg: using RSA key 73B35DA54ACB7D10 gpg: BAD signature from "Denis Roio (Jaromil) <jaro...@dyne.org>" [unknown] $ gpg --recv-keys 73B35DA54ACB7D10 gpg: key 73B35DA54ACB7D10: "Denis Roio (Jaromil) <jaro...@dyne.org>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 $ diff SHA256SUMS.asc SHA256SUMS.asc.1 $ diff SHA256SUMS SHA256SUMS.1 $ gpg --verify SHA256SUMS.asc SHA256SUMS gpg: Signature made Sat 22 Apr 2017 09:44:23 CEST gpg: using RSA key 73B35DA54ACB7D10 gpg: BAD signature from "Denis Roio (Jaromil) <jaro...@dyne.org>" [unknown] $ $ cat SHA256SUMS | grep devuan_jessie_1.0.0-RC_amd64_DVD.iso > SHA256SUMS_CHECK $ sha256sum -c SHA256SUMS_CHECK devuan_jessie_1.0.0-RC_amd64_DVD.iso: OK $ Do other readers get Jaromil's sig on that hash verified? (I'm also attaching the SHA256SUMS.asc SHA256SUMS and don't verify here.) -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr
39ac1f1cdd007e998a99b6ba083ee230df1178c2675dff06356afd8724829e8c devuan_jessie_1.0.0-RC_amd64_CD.iso f4b0fc1fd3c7769055f4b611d8173a6a3be38eced0bcc72c65cc2fefa0914837 devuan_jessie_1.0.0-RC_amd64_DVD.iso d418998acbae2a7c6a60430c6192e13da7c8ad14da4a63fafe3b08a79621914d devuan_jessie_1.0.0-RC_amd64_NETINST.iso 0e7b035065f8edb2382c33be399084db75310e24c8202f7eda0f6446d4cee243 devuan_jessie_1.0.0-RC_i386_CD.iso c8503f5196a2fc5663d277f2e4741fed17028011bbb4cd1fcb1dfc0751036eb1 devuan_jessie_1.0.0-RC_i386_DVD.iso ac8314c6289542f6dd988290a58f491c267aa7dfd0db98be4d974b70cef5dd4d devuan_jessie_1.0.0-RC_i386_NETINST.iso
SHA256SUMS.asc
Description: application/pgp-encrypted
signature.asc
Description: Digital signature
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
