On Sun, Apr 18, 2021 at 9:38 AM Abdelatif Guettouche <abdelatif.guettou...@gmail.com> wrote: > > Is it just me or there is an issue with the checksum of the apps tar? >
Alin, Can you check this an re-upload. You can verify locally as I showed here https://gist.github.com/btashton/ee474723013a7040186c91d41a4c7fad#check-the-release-artifacts After it is uploaded you can also run this script against the uploaded files, which is where we see the bad checksum. ❯ ./tools/checkrelease.sh --url https://dist.apache.org/repos/dist/dev/incubator/nuttx/10.1.0-RC0 Downloading release files from https://dist.apache.org/repos/dist/dev/incubator/nuttx/10.1.0-RC0/ gpg: directory '/tmp/nuttx-checkrelease/.gnupg' created gpg: keybox '/tmp/nuttx-checkrelease/.gnupg/pubring.kbx' created gpg: /tmp/nuttx-checkrelease/.gnupg/trustdb.gpg: trustdb created gpg: key E1B6E30DB05D6280: public key "Brennan Ashton <btash...@apache.org>" imported gpg: key 9E711BAD3264C061: public key "Alin Jerpelea <alin.jerpe...@sony.com>" imported gpg: Total number processed: 2 gpg: imported: 2 OK: https://dist.apache.org/repos/dist/dev/incubator/nuttx/10.1.0-RC0/../KEYS is imported. Checking apache-nuttx-10.1.0-incubating.tar.gz sha512... OK: apache-nuttx-10.1.0-incubating.tar.gz sha512 hash matches. Checking apache-nuttx-10.1.0-incubating.tar.gz GPG signature: gpg: Signature made Sun 18 Apr 2021 07:03:03 AM PDT gpg: using RSA key C26CE5B1F2F08DBC0C4DE2409E711BAD3264C061 gpg: Good signature from "Alin Jerpelea <alin.jerpe...@sony.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C26C E5B1 F2F0 8DBC 0C4D E240 9E71 1BAD 3264 C061 OK: apache-nuttx-10.1.0-incubating.tar.gz gpg signature matches. Checking apache-nuttx-10.1.0-incubating.tar.gz for required files: OK: all required files exist in nuttx. Checking apache-nuttx-apps-10.1.0-incubating.tar.gz sha512... sha512sum: WARNING: 1 computed checksum did NOT match apache-nuttx-apps-10.1.0-incubating.tar.gz: FAILED - apache-nuttx-apps-10.1.0-incubating.tar.gz sha512 hash does not match. Checking apache-nuttx-apps-10.1.0-incubating.tar.gz GPG signature: gpg: Signature made Sun 18 Apr 2021 07:03:03 AM PDT gpg: using RSA key C26CE5B1F2F08DBC0C4DE2409E711BAD3264C061 gpg: Good signature from "Alin Jerpelea <alin.jerpe...@sony.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C26C E5B1 F2F0 8DBC 0C4D E240 9E71 1BAD 3264 C061 OK: apache-nuttx-apps-10.1.0-incubating.tar.gz gpg signature matches. Checking apache-nuttx-apps-10.1.0-incubating.tar.gz for required files: OK: all required files exist in apps. Trying to build nuttx sim:nsh...