[tor-bugs] #15437 [Tor Browser]: Verification of tbb-windows-installer v0.2 tag fails

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Mar 22 19:35:26 UTC 2015 

#15437: Verification of tbb-windows-installer v0.2 tag fails
-------------------------+--------------------------
 Reporter:  dcf          |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor Browser  |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+--------------------------
 I'm getting this error when running `make alpha TORSOCKS=` on
 [https://gitweb.torproject.org/builders/tor-browser-
 bundle.git/commit/?id=dad9a582b97d8720f788881461ead2284281eea8 dad9a582].

 {{{
 release for tbb 4.5
 gpg: Signature made Wed 18 Mar 2015 10:11:18 PM GMT using RSA key ID
 CF66183F
 gpg: Can't check signature: public key not found
 error: could not verify the tag 'v0.2'
 tbb-windows-installer: verification of tag v0.2 against /home/dcf/tor-
 browser-bundle/gitian/gpg/tbb-windows-installer.gpg failed!


 You should run 'make prep' to ensure your inputs are up to date
 }}}

 It looks like the tags [https://github.com/moba/tbb-windows-
 installer/releases/tag/v0.1 v0.1] and [https://github.com/moba/tbb-
 windows-installer/releases/tag/v0.2 v0.2] are signed by different keys.
 The gpg/tbb-windows-installer.gpg keyring is only good for v0.1.

 {{{
 ~/gitian-builder/inputs/tbb-windows-installer$ git tag -v v0.1
 object b18dfbededf738e7ab82a7792ef3f9f010fb048b
 type commit
 tag v0.1
 tagger Mo <m.bartl at headstrong.de> 1371973352 +0200

 first tagged release
 gpg: Signature made Sun 23 Jun 2013 07:42:39 AM GMT using RSA key ID
 484DC500
 gpg: Can't check signature: public key not found
 error: could not verify the tag 'v0.1'

 ~/gitian-builder/inputs/tbb-windows-installer$ git tag -v v0.2
 object 400dd62230d7c219b44ee2e83362a52c5e96806e
 type commit
 tag v0.2
 tagger moba <m at b> 1426716678 +0100

 release for tbb 4.5
 gpg: Signature made Wed 18 Mar 2015 10:11:18 PM GMT using RSA key ID
 CF66183F
 gpg: Can't check signature: public key not found
 error: could not verify the tag 'v0.2'

 ~/tor-browser-bundle/gitian$ gpg gpg/tbb-windows-installer.gpg
 pub  2048R/484DC500 2010-05-20 Moritz Bartl <moritz at headstrong.de>
 uid                            Moritz Bartl <moritz at torservers.net>
 uid                            Moritz Bartl (http://www.torservers.net/)
 <support at torservers.net>
 sub  2048R/38679AAC 2010-05-20 [expires: 2015-05-19]
 }}}

 Seems related to the change in #14688?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15437>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list