On 01/28/2016 06:12 AM, Aaron Tovo wrote:
I downloaded libgpg-error-1.21.tar.bz2 again today and it has a the correct size (763186)-rw-rw-r-- 1 aaron aaron 763186 Jan 27 22:53 libgpg-error-1.21(1).tar.bz2 I re-downloaded sig file and it still fails the gpg --verify test.
Is the old libgpg-error-1.21.tar.bz2 (the one you downloaded before, with the wrong size) still present in the same directory? (I assume it is, based on the '(1)' suffix that has been appended to the new file you have just downloaded.)
If that's the case, what happens when you call gpg like this: $ gpg --verify libgpg-error-1.21.tar.bz2.sigis that gpg will assume the signed file to verify is libgpg-error-1.21.tar.bz2. (Recent versions of GnuPG print a warning in situation like this, but older versions are silent about that assumption.)
Either get rid of the old file, or explicitly tell gpg which file it should verify:
$ gpg --verify libgpg-error-1.21.tar.bz2.sig libgpg-error-1.21(1).tar.bz2
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
