search

bucardo / check_postgres

Nagios check_postgres plugin for checking status of PostgreSQL databases
http://bucardo.org/wiki/Check_postgres
Other
561 stars 175 forks source link

mismatched sha256sum #171

Open ripesensor opened 4 years ago

ripesensor commented 4 years ago

Downloaded from https://bucardo.org/downloads/check_postgres.tar.gz, unpacked and ran cpansign -v:

$ cpansign -v
Executing gpg --verify --batch --no-tty --keyserver=hkp://pool.sks-keyservers.net:11371 --keyserver-options=auto-key-retrieve /tmp/ctig7zv6q7
gpg: Signature made Mon 03 Feb 2020 07:53:15 PM EST
gpg:                using DSA key BC9B906714964AC8
gpg: Good signature from "Greg Sabino Mullane <greg@turnstep.com>" [unknown]
gpg:                 aka "Greg Sabino Mullane (End Point Corporation) <greg@endpoint.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2529 DF6A B8F7 9407 E944  45B4 BC9B 9067 1496 4AC8
--- SIGNATURE   2020-02-03 19:53:48.000000000 -0500
+++ -   2020-04-15 16:29:11.680333873 -0400
@@ -24,7 +24,7 @@
 SHA256 074851520b04909ab15f3e64015ba19be8791124c9927a34c58e28a194092a35 README.md
 SHA256 b32a224f3752f4a608dc6959d614626a2bc054daa7c086dae77af727e19623d6 TODO
 SHA256 bde647425d1ead756b47170f378876af9c52a694801199a581571095136c3cb0 check_postgres.pl
-SHA256 23920745377364d3e175b4dacece36495072b24fedace08bed83f2efc03f61d4 check_postgres.pl.asc
+SHA256 ac7a9d82adc2388a8ed1428be077f19e07a7c52b6ba959906e8f14a0c893ce93 check_postgres.pl.asc
 SHA256 f980b970e772001084e308294574dce800dcb6cfd2c74b689b55810e1b44fab1 check_postgres.pl.html
 SHA256 ac0bf76395788f0f80acb21cd44c9fe642f81ef9398367cd2daf0cd498875f64 perlcriticrc
 SHA256 9fcca73430b5197ebda1034292297e22b22f1a2d0bbc560f69c5881893c79da8 t/00_basic.t
==> MISMATCHED content between SIGNATURE and distribution files! <==
sha256sum: 11b52f86c44d6cc26e9a4129e67c2589071dbe1b8ac1f8895761517491c6e44b  check_postgres.tar.gz
jonjensen commented 3 years ago

I confirm this problem. I get the same result.

@turnstep I looked over your README.dev instructions and it seems its order of running make signature_asc and then make signature would work, yet somehow the signature in that particular release tarball was wrong.