FS#54544 - [openvpn] sha256 hash
Attached to Project:
Arch Linux
Opened by Nicola (drakkan) - Thursday, 22 June 2017, 18:19 GMT
Last edited by Christian Hesse (eworm) - Saturday, 24 June 2017, 12:42 GMT
Opened by Nicola (drakkan) - Thursday, 22 June 2017, 18:19 GMT
Last edited by Christian Hesse (eworm) - Saturday, 24 June 2017, 12:42 GMT
|
Details
Description:
if you download openvpn 2.4.3 now you have this sha256sum sha256sum openvpn-2.4.3.tar.xz 15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb openvpn-2.4.3.tar.xz this is different from the one in PKGBUILD: https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/openvpn#n19 seems a problem with the openvpn relase process, please read more details on openvpn devel list, the right sha256sum should be the actual one and not the one in PKGBUILD, but it is not completly clear |
This task depends upon
Closed by Christian Hesse (eworm)
Saturday, 24 June 2017, 12:42 GMT
Reason for closing: Fixed
Additional comments about closing: fixed in svn
Saturday, 24 June 2017, 12:42 GMT
Reason for closing: Fixed
Additional comments about closing: fixed in svn
https://sourceforge.net/p/openvpn/mailman/message/35907209/ and
https://community.openvpn.net/openvpn/wiki/release-packages-2.4.3-2.3.17
for additional info. Also keep in mind that you have to get correct asc file which you can find in the wikipage above.
In result we have two different pairs of tarballs and signatures which match independently but not when you mix them.
Due to cloudflare caching you can get tarball A with signature B or tarball B with signature A and that's why makepkg fails either on hash check or gpg verify.
Correct sha256 sums and signatures are in the wikipage I posted above.
(Well, I received the correct files from download servers, so I closed this too early. Sorry for that!)
The wiki page has checksums for tarballs and signatures and gives download links for the tarballs. Is there a reliable source for the signature?
However I committed the signature to svn. Does it build for anybody now?
https://community.openvpn.net/openvpn/attachment/wiki/release-packages-2.4.3-2.3.17/openvpn-2.4.3.tar.xz.asc
https://community.openvpn.net/openvpn/zip-attachment/wiki/release-packages-2.4.3-2.3.17/
https://community.openvpn.net/openvpn/raw-attachment/wiki/release-packages-2.4.3-2.3.17/openvpn-2.4.3.tar.xz.asc
Nevertheless I will keep the signature in svn for now.
Let's hope they fix their release stuff for the next release. *holding thumbs*