Learn more about these different git repos.
Other Git URLs
The checksums on the signatures (.asc) are incorrect in the freeipa project.
https://releases.pagure.org/freeipa/CHECKSUMS
A colleague has said that all of the signature checksums are off. Here are specifics for the latest release, 4.7.0:
From the link: SHA256 (freeipa-4.7.0.tar.gz.asc) = c42611a5747c60f1ebebb8f40f0d99e76f90fe85b3e4fb776b0611e140112d1b SHA512 (freeipa-4.7.0.tar.gz.asc) = c13fced1d485d513ae0bbbf7b0dfe74c913871d874d8150fb3a84b1b46aad6d071e7058ec950e34373d965955da36204c1a923c0d09f14f6a16ce262eb738e94
I see:
$ sha256sum freeipa-4.7.0.tar.gz.asc eed9959a9e3a7ba3b91aa2a444163908610f41437e255137cc1389ef32f14e28 freeipa-4.7.0.tar.gz.asc $ sha512sum freeipa-4.7.0.tar.gz.asc 7d6a224cc564bd96fa5bd4b89e4996b3b761348424d8719e2aea422371c53a5151c045666a7333d3ef081a3384a5c649096c1555f69312b66a38f14722b69725 freeipa-4.7.0.tar.gz.asc
On my laptop:
$ sha256sum freeipa-4.7.0.tar.gz.asc eed9959a9e3a7ba3b91aa2a444163908610f41437e255137cc1389ef32f14e28 freeipa-4.7.0.tar.gz.asc
On the server:
# sha256sum freeipa-4.7.0.tar.gz.asc eed9959a9e3a7ba3b91aa2a444163908610f41437e255137cc1389ef32f14e28 freeipa-4.7.0.tar.gz.asc
So, I think it's some in the python algorythm used: https://pagure.io/pagure/blob/master/f/pagure/lib/tasks.py#_784-820
Metadata Update from @pingou: - Issue tagged with: bug
Test script:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
#!/usr/bin/python # Run as: python <script> <target1> <target2> import hashlib import os import sys algos = { 'sha256': hashlib.sha256(), 'sha512': hashlib.sha512(), } for filename in sys.argv[1:]: # for each files computes the different algorythm supported with open(filename, "rb") as stream: while True: buf = stream.read(2 * 2 ** 10) if buf: for hasher in algos.values(): hasher.update(buf) else: break for algo in sorted(algos): print('%s (%s) = %s\n' % ( algo.upper(), filename, algos[algo].hexdigest()))
Running it on my laptop:
$ python hash_files.py freeipa-4.7.0.tar.gz.asc SHA256 (freeipa-4.7.0.tar.gz.asc) = eed9959a9e3a7ba3b91aa2a444163908610f41437e255137cc1389ef32f14e28 SHA512 (freeipa-4.7.0.tar.gz.asc) = 7d6a224cc564bd96fa5bd4b89e4996b3b761348424d8719e2aea422371c53a5151c045666a7333d3ef081a3384a5c649096c1555f69312b66a38f14722b69725
Running it on the server:
# python ~/hash_files.py ../freeipa/freeipa-4.7.0.tar.gz.asc SHA256 (freeipa-4.7.0.tar.gz.asc) = eed9959a9e3a7ba3b91aa2a444163908610f41437e255137cc1389ef32f14e28 SHA512 (freeipa-4.7.0.tar.gz.asc) = 7d6a224cc564bd96fa5bd4b89e4996b3b761348424d8719e2aea422371c53a5151c045666a7333d3ef081a3384a5c649096c1555f69312b66a38f14722b69725
Conclusion: hmm....
I found it :)
(CHECKSUMS file re-generated for you, going to hotfix the fix in prod and submit a PR)
Commit 28a8734 fixes this issue
Login to comment on this ticket.