Hi Michael, Thanks for the quick response. I found the cause of the issue. I just right-clicked with "Save As ..." on the link at the download site, which downloaded from the following URL:
https://www.apache.org/dyn/closer.lua/qpid/cpp/0.34/qpid-cpp-0.34.tar.gz Since that URL doesn't return the TarGZ archive, but compressed HTML, of course the verification failed. Maybe the download site could be improved to make it more clear that these links direct to another HTML site? Regards, Volker Michael Goulish schrieb: > > Volker -- > > I just now tried this: > > > downloaded from here: > http://qpid.apache.org/download.html > and then here > http://apache.arvixe.com/qpid/cpp/0.34/qpid-cpp-0.34.tar.gz > > > MD5 > { > got expected MD5 from here > http://www.apache.org/dist/qpid/cpp/0.34/qpid-cpp-0.34.tar.gz.md5 > > should be: > e9d8ef8a9853ee51698687b9ee8d1b87 qpid-cpp-0.34.tar.gz > was: > e9d8ef8a9853ee51698687b9ee8d1b87 qpid-cpp-0.34.tar.gz > result: > good > } > > SHA1 > { > got expected SHA1 from here: > http://www.apache.org/dist/qpid/cpp/0.34/qpid-cpp-0.34.tar.gz.sha1 > should be: > d89668759c3d28a2dd762ba607e889da98169754 qpid-cpp-0.34.tar.gz > was: > d89668759c3d28a2dd762ba607e889da98169754 qpid-cpp-0.34.tar.gz > result: > good > } > > ------------------------------------- Michael Goulish . > > > > > > ----- Original Message ----- > > Dear Qpid developers, > > > > (please CC to me as I'm not subscribed to the list) > > > > I have trouble verifying the qpid-cpp and qpid-tools source packages, > > neither via SHA1 checksums nor via GPG signatures. > > > > This is what I got via download: > > > > # sha1sum qpid-* > > 624812ace82f4be40d0857c08fb4a52acf9abcf1 qpid-cpp-0.34.tar.gz > > dfaec3b586c2d74f4e76ab03de2d7436affe0ad6 qpid-tools-0.32.tar.gz > > > > But these are the expected SHA1 checksums: > > > > d89668759c3d28a2dd762ba607e889da98169754 qpid-cpp-0.34.tar.gz > > 73fbd686138079e438636523afd0b9d0e8c16ee8 qpid-tools-0.32.tar.gz > > > > > > Am I the only one with that issue? Is this purely on my side? > > > > Or, are there some malicious download mirrors in place? > > > > Or, is there a bug within the Qpid release process? > > > > > > Regards, > > Volker > > > > -- > > Volker Diels-Grabsch > > ----<<<((()))>>>---- > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > -- Volker Diels-Grabsch ----<<<((()))>>>---- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
