FS#70319 - [groovy] [groovy-docs] Add GPG key validation

Attached to Project: Community Packages
Opened by Rafael Fontenelle (josephg) - Tuesday, 06 April 2021, 19:05 GMT
Last edited by Alexander F. Rødseth (xyproto) - Friday, 10 November 2023, 11:40 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Alexander F. Rødseth (xyproto)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description: Groovy website provides .asc file for "Paul King <paulk@apache.org>" GPG key, which could be included in 'groovy' and 'groovy-docs' for security. 'groovy' PKGBUILD has a 4-years-old comment that the asc files has no key, but in my local tests I was not able to reproduce this issue; instead, using the .asc file works just fine.


Additional info:
* package version(s)
groovy 3.0.7
groovy-doc 3.0.7

* config and/or log files etc.

Attached,
- The exported armored GPG key of the fetched via .asc file
- A PKGBUILD diff for 'groovy' and another for 'groovy-docs'

* link to upstream bug report, if any
N/A

Steps to reproduce:


1. wget https://downloads.apache.org/groovy/3.0.7/distribution/apache-groovy-binary-3.0.7.zip.asc

2. gpg apache-groovy-binary-3.0.7.zip.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: assuming signed data in 'apache-groovy-binary-3.0.7.zip'
gpg: Signature made Mon Nov 30 03:48:51 2020 -03
gpg: using RSA key 6A65176A0FB1CD0B
gpg: Good signature from "Paul King <paulk@apache.org>" [unknown]
gpg: aka "Paul King <kingp@ociweb.com>" [unknown]
gpg: aka "Paul King <paulk@asert.com.au>" [unknown]
gpg: aka "Paul King <paul.king.asert@gmail.com>" [unknown]
gpg: aka "keybase.io/paulk_asert <paulk_asert@keybase.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3444 1E50 4A93 7F43 EB0D AEF9 6A65 176A 0FB1 CD0B
This task depends upon

Closed by  Alexander F. Rødseth (xyproto)
Friday, 10 November 2023, 11:40 GMT
Reason for closing:  Fixed
Comment by Buggy McBugFace (bugbot) - Tuesday, 08 August 2023, 19:11 GMT
This is an automated comment as this bug is open for more then 2 years. Please reply if you still experience this bug otherwise this issue will be closed after 1 month.
Comment by Alexander F. Rødseth (xyproto) - Friday, 10 November 2023, 11:40 GMT
Thank you.

Loading...