[cairo] pixman SHA1 checksum failure
Keith Packard
keithp at keithp.com
Tue Dec 2 07:50:58 PST 2008
On Tue, 2008-12-02 at 02:40 -0500, Ben Stern wrote:
> I have downloaded pixman 0.13.2 from http://www.cairographics.org/releases/
> and have run into a problem.
>
> bstern at farad:/usr/local/src$ gpg --verify pixman-0.13.2.tar.gz.sha1.asc ; \
> cat pixman-0.13.2.tar.gz.sha1; sha1sum pixman-0.13.2.tar.gz
> gpg: Signature made Wed 26 Nov 2008 01:00:04 AM EST using DSA key ID 096C4DD3
> gpg: Good signature from "Keith Packard <keithp at keithp.com>"
> gpg: aka "Keith Packard <keithp at debian.org>"
> gpg: aka "Keith Packard <keithp at freedesktop.org>"
> gpg: aka "Keith Packard <keith.packard at intel.com>"
> gpg: aka "[jpeg image of size 3550]"
> bstern at farad:/usr/local/src$ cat pixman-0.13.2.tar.gz.sha1
> c5ad136f77169661a97a3e52b1b7096ee2230d47 pixman-0.13.2.tar.gz
> bstern at farad:/usr/local/src$ sha1sum pixman-0.13.2.tar.gz
> 755a5f297ee4619a28983be1c2a81aac24c02b62 pixman-0.13.2.tar.gz
>
> The sums aren't matching. I tried re-downloading, but am still getting the
> same wrong checksum.
Something is wrong with the pixman release process, that's for sure. I
just re-checksumed the pixman-0.13.2.tar.gz here on my disk and also
looked at the pixman-0.13.2.tar.gz.sha1:
$ cat pixman-0.13.2.tar.gz.sha1; sha1sum pixman-0.13.2.tar.gz
755a5f297ee4619a28983be1c2a81aac24c02b62 pixman-0.13.2.tar.gz
755a5f297ee4619a28983be1c2a81aac24c02b62 pixman-0.13.2.tar.gz
I also found my original release note:
Hashes:
MD5: 837df4a02c61a60a880644393b57faed pixman-0.13.2.tar.gz
MD5: 4b03b556bb0da245eedf74437c3a6158 pixman-0.13.2.tar.bz2
SHA1: 755a5f297ee4619a28983be1c2a81aac24c02b62 pixman-0.13.2.tar.gz
SHA1: 395667fec46e8ecea87e1293982707c928d4fe08 pixman-0.13.2.tar.bz2
You should have a copy of this as well, also signed with my gpg key.
> I have confirmed the output with "openssl sha1" and the checksums still
> don't match. Is something wrong with the download, or is there something
> amiss on the cairographics server?
I suspect the pixman release script is broken in some way, perhaps Søren
can figure it out?
Thanks for checking these files; once we sort out what's up with the
release process, I'll replace the checksum files on the server.
--
keith.packard at intel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.cairographics.org/archives/cairo/attachments/20081202/45ccafcf/attachment.pgp
More information about the cairo
mailing list