Closed
Bug 557463
Opened 14 years ago
Closed 14 years ago
Signature and MD5SUM for German 3.0.0.19 installer do not verify
Categories
(Release Engineering :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: aheinlein, Assigned: lsblakk)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8 Build Identifier: For the german win32 installer of Firefox 3.0.0.19 (http://releases.mozilla.org/pub/mozilla.org/firefox/releases/3.0.19-real/win32/de/Firefox%20Setup%203.0.19.exe), the release signature in the same directory does not verify, and the MD5 sum a few directories above does not match the actual checksum of the downloaded file. Either the installer is corrupt or the checksums/signatures need to be updated. Reproducible: Always Steps to Reproduce: 1. Download installer and signature 2. gpg --verify Firefox\ Setup\ 3.0.19.exe.asc 3. Actual Results: "invalid signature" Expected Results: "good signature"
|
||
Comment 1•14 years ago
|
||
John, cc'ing you since I'm not sure where this bug should be moved to since it is a releng bug.
|
|
||
Updated•14 years ago
|
Component: Installer → Release Engineering
Product: Firefox → mozilla.org
QA Contact: installer → release
Version: unspecified → other
|
||
Comment 2•14 years ago
|
||
For reference: * bug 556222 - Firefox 3.0.19 Windows installers are not digitally-signed * https://wiki.mozilla.org/Releases/Firefox_3.0.19/BuildNotes
|
||
Comment 3•14 years ago
|
||
(In reply to comment #2) > For reference: > * bug 556222 - Firefox 3.0.19 Windows installers are not digitally-signed The ones 3.0.19-real are, actually.
|
|
||
Comment 4•14 years ago
|
||
(In reply to comment #3) > (In reply to comment #2) > > For reference: > > * bug 556222 - Firefox 3.0.19 Windows installers are not digitally-signed > > The ones 3.0.19-real are, actually. But I bet we didn't regenerate the *SUMS files afterwards.
|
Reporter | |
Comment 5•14 years ago
|
||
The 3.0.19-real releases are signed, however the signature is two days older (2010-03-29) than the released exe (2010-03-31), not only the german but at least also the english exe. Looks like someone made a last-minute change and forgot to update the signatures.
|
Assignee | |
Updated•14 years ago
|
Assignee: nobody → lsblakk
|
|
Assignee | |
Comment 6•14 years ago
|
||
signatures are updated - http://releases.mozilla.org/pub/mozilla.org/firefox/releases/3.0.19-real/win32/de/
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
||
Comment 7•14 years ago
|
||
(In reply to comment #5) > The 3.0.19-real releases are signed, however the signature is two days older > (2010-03-29) than the released exe (2010-03-31), not only the german but at > least also the english exe. > Looks like someone made a last-minute change and forgot to update the > signatures. (In reply to comment #6) > signatures are updated - > http://releases.mozilla.org/pub/mozilla.org/firefox/releases/3.0.19-real/win32/de/ Andreas: thanks for catching that and sorry for the mistake. Please reopen this bug if you see any other problems, ok?
|
|
||
Comment 8•14 years ago
|
||
(In reply to comment #6) > signatures are updated - > http://releases.mozilla.org/pub/mozilla.org/firefox/releases/3.0.19-real/win32/de/ Just like the first time we had to fix 3.0.19, we cannot replace files pushed to mirrors. Not all mirrors will update. I've found multiple mirrors which still have the old signatures: http://mozilla.cs.utah.edu/pub/mozilla.org/firefox/releases/3.0.19-real/win32/ http://mirror-fpt-telecom.fpt.net/mozilla/firefox/releases/3.0.19-real/win32/ http://mozilla.patan.com.ar/firefox/releases/3.0.19-real/win32 It's not a lot, but if we want to fix this fully, we need to push to a different directory.
|
|
Assignee | |
Comment 9•14 years ago
|
||
pushed to 3.0.19-real-real, bouncer updated.
|
||
Updated•11 years ago
|
Product: mozilla.org → Release Engineering
You need to log in
before you can comment on or make changes to this bug.
Description
•