Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

verifying bind-9.10.0 download

10 views
Skip to first unread message

mm half

unread,
May 2, 2014, 8:50:45 PM5/2/14
to bind-...@lists.isc.org
Hello,

I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in the pgpkey2013.txt located at:   https://www.isc.org/downloads/software-support-policy/openpgp-key/ , and can't seem to get any of the signature files to pass the verify test using gpg :



gpg --import pgpkey2013.txt 
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: key 189CDBC5: public key "Internet Systems Consortium, Inc. (Signing key, 2013) <code...@isc.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)




gpg --verify bind-9.10.0.tar.gz.asc bind-9.10.0.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Tue Apr 29 16:12:28 2014 EDT using RSA key ID 189CDBC5
gpg: BAD signature from "Internet Systems Consortium, Inc. (Signing key, 2013) <code...@isc.org>"


gpg --verify bind-9.10.0.tar.gz.sha512.asc bind-9.10.0.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Tue Apr 29 16:12:25 2014 EDT using RSA key ID 189CDBC5
gpg: BAD signature from "Internet Systems Consortium, Inc. (Signing key, 2013) <code...@isc.org>"


gpg --verify bind-9.10.0.tar.gz.sha256.asc bind-9.10.0.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Tue Apr 29 16:12:26 2014 EDT using RSA key ID 189CDBC5
gpg: BAD signature from "Internet Systems Consortium, Inc. (Signing key, 2013) <code...@isc.org>"



I am sure its a user error mistake, but wanted to verify other bind users are able to verify the downloaded files correctly, before digging any deeper into the problem.  If anyone has been able to verify the latest stable release using the posted keys, please let me know.

Thanks,


 
*****The content of this message is my personal opinion only, and should not be construed as anything that has been through rigorous scrutiny of the professional groups who devote their life and work to the topics being discussed********

Evan Hunt

unread,
May 2, 2014, 9:07:57 PM5/2/14
to mm half, bind-...@lists.isc.org
On Fri, May 02, 2014 at 05:50:45PM -0700, mm half wrote:
> I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in the pgpkey2013.txt located at: ��https://www.isc.org/downloads/software-support-policy/openpgp-key/�,�and can't seem to get any of the signature files to pass the verify test using gpg :
>
>
> gpg --verify bind-9.10.0.tar.gz.asc bind-9.10.0.tar.gz
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Tue Apr 29 16:12:28 2014 EDT using RSA key ID 189CDBC5
> gpg: BAD signature from "Internet Systems Consortium, Inc. (Signing key, 2013) <code...@isc.org>"

Works fine for me. Check the fingerprint on the tarball, it should be:

SHA256(bind-9.10.0.tar.gz)=
acc2f5cc58c121f927e02c23e7e3e2e4876139eaac4a9df71800d4a38917c887

--
Evan Hunt -- ea...@isc.org
Internet Systems Consortium, Inc.

Noel Butler

unread,
May 2, 2014, 10:08:00 PM5/2/14
to bind-...@lists.isc.org

OK here too.

mm half

unread,
May 5, 2014, 1:54:43 PM5/5/14
to Evan Hunt, bind-...@lists.isc.org

Thanks Evan.  Corrupted downloads.  Had to change the default gateway to get a valid source download. 

0 new messages