[tbb-bugs] #13357 [Tor Browser]: GPG signature is broken for GCC 4.8.3

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 7 18:29:31 UTC 2014


#13357: GPG signature is broken for GCC 4.8.3
-------------------------+--------------------------
 Reporter:  kpdyer       |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor Browser  |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+--------------------------
 GCC 4.8.3 is signed by RSA key ID FC26A641.

 {{{
 $ gpg --verify gcc-4.8.3.tar.bz2.sig
 gpg: Signature made Thu May 22 04:09:35 2014 PDT using RSA key ID FC26A641
 gpg: Good signature from "Richard Guenther <rguenth at tat.physik.uni-
 tuebingen.de>"
 gpg:                 aka "Richard Guenther (GCC) <rguenth at gcc.gnu.org>"
 ...
 }}}

 This key is not included in our GCC keyring:

 {{{
 $ gpg gitian/gpg/GCC.gpg
 pub  1024D/C3C45C06 2004-04-21 Jakub Jelinek <jakub at redhat.com>
 sub  2048g/241CF083 2004-04-21 [expires: 2020-09-10]
 $
 }}}

 So, when I build the tor-browser-bundle, I get:

 {{{
 ...
 2014-10-07 10:26:55 (14.4 MB/s) - `gcc-4.8.3.tar.bz2.sig' saved [280/280]

 GCC: GPG signature is broken for
 https://ftp.gnu.org/gnu/gcc/gcc-4.8.3/gcc-4.8.3.tar.bz2
 }}}

 Actually, there are six keys that can sign the GCC releases:

 https://gcc.gnu.org/mirrors.html

 So, we probably want to update {{{gitian/gpg/GCC.gpg}}} to include all six
 keys.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13357>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list