On Sun, Apr 18, 2021 at 9:38 AM Abdelatif Guettouche
<abdelatif.guettou...@gmail.com> wrote:
>
> Is it just me or there is an issue with the checksum of the apps tar?
>

Alin,
Can you check this an re-upload. You can verify locally as I showed here
https://gist.github.com/btashton/ee474723013a7040186c91d41a4c7fad#check-the-release-artifacts

After it is uploaded you can also run this script against the uploaded
files, which is where we see the bad checksum.

❯ ./tools/checkrelease.sh --url
https://dist.apache.org/repos/dist/dev/incubator/nuttx/10.1.0-RC0
Downloading release files from
https://dist.apache.org/repos/dist/dev/incubator/nuttx/10.1.0-RC0/
gpg: directory '/tmp/nuttx-checkrelease/.gnupg' created
gpg: keybox '/tmp/nuttx-checkrelease/.gnupg/pubring.kbx' created
gpg: /tmp/nuttx-checkrelease/.gnupg/trustdb.gpg: trustdb created
gpg: key E1B6E30DB05D6280: public key "Brennan Ashton
<btash...@apache.org>" imported
gpg: key 9E711BAD3264C061: public key "Alin Jerpelea
<alin.jerpe...@sony.com>" imported
gpg: Total number processed: 2
gpg:               imported: 2
 OK: https://dist.apache.org/repos/dist/dev/incubator/nuttx/10.1.0-RC0/../KEYS
is imported.
Checking apache-nuttx-10.1.0-incubating.tar.gz sha512...
 OK: apache-nuttx-10.1.0-incubating.tar.gz sha512 hash matches.

Checking apache-nuttx-10.1.0-incubating.tar.gz GPG signature:
gpg: Signature made Sun 18 Apr 2021 07:03:03 AM PDT
gpg:                using RSA key C26CE5B1F2F08DBC0C4DE2409E711BAD3264C061
gpg: Good signature from "Alin Jerpelea <alin.jerpe...@sony.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C26C E5B1 F2F0 8DBC 0C4D  E240 9E71 1BAD 3264 C061
 OK: apache-nuttx-10.1.0-incubating.tar.gz gpg signature matches.

Checking apache-nuttx-10.1.0-incubating.tar.gz for required files:
 OK: all required files exist in nuttx.

Checking apache-nuttx-apps-10.1.0-incubating.tar.gz sha512...
sha512sum: WARNING: 1 computed checksum did NOT match
apache-nuttx-apps-10.1.0-incubating.tar.gz: FAILED
 - apache-nuttx-apps-10.1.0-incubating.tar.gz sha512 hash does not match.

Checking apache-nuttx-apps-10.1.0-incubating.tar.gz GPG signature:
gpg: Signature made Sun 18 Apr 2021 07:03:03 AM PDT
gpg:                using RSA key C26CE5B1F2F08DBC0C4DE2409E711BAD3264C061
gpg: Good signature from "Alin Jerpelea <alin.jerpe...@sony.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C26C E5B1 F2F0 8DBC 0C4D  E240 9E71 1BAD 3264 C061
 OK: apache-nuttx-apps-10.1.0-incubating.tar.gz gpg signature matches.

Checking apache-nuttx-apps-10.1.0-incubating.tar.gz for required files:
 OK: all required files exist in apps.

Trying to build nuttx sim:nsh...

Reply via email to