65665 – signature file for source tarball has incorrect file name in it

Bug 65665 - signature file for source tarball has incorrect file name in it

Summary: signature file for source tarball has incorrect file name in it

Status:	RESOLVED FIXED

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	Build (show other bugs)
Version:	2.4.51
Hardware:	All All

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-10-29 18:21 UTC by mns
Modified:	2021-11-02 09:00 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mns 2021-10-29 18:21:55 UTC

When trying to use `sha256sum --check` to verify the tar.gz I get the following:

% sha256sum --check httpd-2.4.51.tar.gz.sha256
sha256sum: httpd-2.4.51-rc1.tar.gz: No such file or directory
httpd-2.4.51-rc1.tar.gz: FAILED open or read
sha256sum: WARNING: 1 listed file could not be read

% cat httpd-2.4.51.tar.gz.sha256
c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 *httpd-2.4.51-rc1.tar.gz

As can be seen, the filename listed in the signature file is wrong.

If anyone is doing automated signature verification, that is going to fail for no reason as the signature is correct, only the filename is wrong.

This is also true for the tar.bz2 signature.

Comment 1 Stefan Eissing 2021-11-02 09:00:37 UTC

Thanks for noticing and coming back to us! 

That was an omission in our release scripts that has been fixed now. I also updated the .sha* files on the distribution server.

Kind Regards,
Stefan