.asc signtures missing

techno · September 26, 2019, 5:55pm

Trying to download
Whonix-XFCE-15.0.0.4.9.libvirt.xz.asc but they are missing on sourceforge

HulaHoop · September 28, 2019, 4:44am

Thanks for letting me know. It seems to be a broken link on the wiki rather than it being totally unavailable. I just downloaded directly from the sf directory

https://sourceforge.net/projects/whonix-kvm/files/libvirt/15.0.0.4.9/

Please dl it and try again.

cc/ @Patrick I need your help fixing the broken sig links please

EDIT:

It seems we just care about hashing the tarball and just signing these resulting files instead of the archive itself? If tha’s the case then the .asc for the tarball can safely be removed (since it doesn’t exist)?

Or did the prepare relese script break before generating this file?

Patrick · September 28, 2019, 8:38am

whonix-kvm - Browse /libvirt/15.0.0.4.9 at SourceForge.net has no asc file.

No, sign the file directly. This is the main method. This is documented for years:

Hashes and signed hash files is an advanced users only feature.

I have no idea. Check output of prepare_release script.

erasmo52 · September 29, 2019, 9:58am

Hi, in the directory which HulaHoop given us (whonix-kvm - Browse /libvirt/15.0.0.4.9 at SourceForge.net and I already visited before) there isn’t any Whonix-XFCE-15.0.0.4.9.libvirt.xz.asc.
There is different .asc files. I tried to verify using alls of them, but any worked. Alls returned “BAD signature from “HulaHoop” [unknown]” message.
Witch of the signature files in the above link must be used to verify the Whonix-XFCE-15.0.0.4.9.libvirt.xz image?
Thanks

HulaHoop · September 29, 2019, 4:26pm

@erasmo52 I’ve just tried to reproduce your complaint but I receive a GOOD signature from HulaHoop. The situation is not ideal because the main .asc is indeed missing but Users can make do with the signed hash checksums files from now. I feel running the entire build process just for this one step would be a waste. I will try to make sure it doesn’t happen again though.

Patrick_mobile · September 30, 2019, 4:49am

Why complete rebuild? No need. Just sign the file and upload.

erasmo52 · September 30, 2019, 6:49am

I am sorry to bother you again but you didn’t answer my question.
You tell: [quote=“HulaHoop, post:5, topic:8217”]
I receive a GOOD signature from HulaHoop
[/quote], but can you tell me witch signature file you used to verify the libvirt.xz image? Or follow what Patrick_mobile recommended to do, it must be quite simple, finally.
Thanks

HulaHoop · September 30, 2019, 2:59pm

Fixed. Sorry for the laziness. Have a nice day.