Hi Dejan, It looks like my mistake. My Browser corrupted the first download, and when i went to subsequent mirrors it was renaming the downloads by appending .1, .2, etc. I did not notice this so each time i did the verify it was was still looking at the first file.
I deleted the corrupted download repeated the download and now get the correct response: gpg --verify apache-activemq-5.3.1-bin.tar.gz.asc gpg: Signature made Thu Mar 18 10:38:14 2010 EDT using DSA key ID 6852C7DA gpg: Good signature from "Dejan Bosanac <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: A526 834C C957 4F59 465A 0C88 C31A 3F70 6852 C7DA Thanks for the quick response, and all the great work on this product. Dejan Bosanac wrote: > > Hi, > > I talked too soon as the asc file I downloaded was renamed by the browser > during the download. > > I just repeated the procedure on the clean machine and everything looks > good > > dej...@dejanb-desktop:~/downloads/test$ ll > total 32392 > drwxr-xr-x 2 dejanb dejanb 4096 2010-04-14 16:57 . > drwxr-xr-x 4 dejanb dejanb 4096 2010-04-14 16:57 .. > -rw-r--r-- 1 dejanb dejanb 33100361 2010-04-14 16:57 > apache-activemq-5.3.1-bin.tar.gz > -rw-r--r-- 1 dejanb dejanb 197 2010-04-14 16:50 > apache-activemq-5.3.1-bin.tar.gz.asc > -rw-r--r-- 1 dejanb dejanb 14086 2010-04-14 16:50 KEYS > dej...@dejanb-desktop:~/downloads/test$ gpg --import KEYS > gpg: keyring `/home/dejanb/.gnupg/secring.gpg' created > gpg: keyring `/home/dejanb/.gnupg/pubring.gpg' created > gpg: /home/dejanb/.gnupg/trustdb.gpg: trustdb created > gpg: key F5BA7E4F: public key "Hiram Chirino <[email protected]>" > imported > gpg: key 56F3E01B: public key "David Jencks (geronimo) > <[email protected]>" imported > gpg: key 456DFEA9: public key "David M. Johnson (Dave Johnson) > <[email protected]>" imported > gpg: key 17AA5B25: public key "David Johnson <[email protected]>" > imported > gpg: key 69CC103E: public key "Gary Tully (key for apache releases) > <[email protected]>" imported > gpg: key 2C983957: public key "Bruce Snyder <[email protected]>" imported > gpg: key 6852C7DA: public key "Dejan Bosanac <[email protected]>" > imported > gpg: Total number processed: 7 > gpg: imported: 7 (RSA: 1) > gpg: no ultimately trusted keys found > dej...@dejanb-desktop:~/downloads/test$ gpg --verify > apache-activemq-5.3.1-bin.tar.gz.asc > gpg: Signature made Thu 18 Mar 2010 03:38:14 PM CET using DSA key ID > 6852C7DA > gpg: Good signature from "Dejan Bosanac <[email protected]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: A526 834C C957 4F59 465A 0C88 C31A 3F70 6852 > C7DA > dej...@dejanb-desktop:~/downloads/test$ > > > I'm noticing that your archive size is not the same size as one I just > downloaded. Can you pass the link to the mirror you were using? > > Cheers > -- > Dejan Bosanac - http://twitter.com/dejanb > > Open Source Integration - http://fusesource.com/ > ActiveMQ in Action - http://www.manning.com/snyder/ > Blog - http://www.nighttale.net > > > On Wed, Apr 14, 2010 at 4:40 PM, Dejan Bosanac <[email protected]> > wrote: > >> Hi Chet, >> >> I get the same error. I'll investigate what's the problem. But I think >> you're safe using the release in the meantime. Alternatively, you can >> build >> it yourself. >> >> Cheers >> -- >> Dejan Bosanac - http://twitter.com/dejanb >> >> Open Source Integration - http://fusesource.com/ >> ActiveMQ in Action - http://www.manning.com/snyder/ >> Blog - http://www.nighttale.net >> >> >> On Wed, Apr 14, 2010 at 4:32 PM, Dejan Bosanac >> <[email protected]>wrote: >> >>> Hi, >>> >>> let me try to verify it ... and see where the problem is. >>> >>> Cheers >>> -- >>> Dejan Bosanac - http://twitter.com/dejanb >>> >>> Open Source Integration - http://fusesource.com/ >>> ActiveMQ in Action - http://www.manning.com/snyder/ >>> Blog - http://www.nighttale.net >>> >>> >>> >>> On Wed, Apr 14, 2010 at 4:04 PM, Chet Graham >>> <[email protected]>wrote: >>> >>>> >>>> I've downloaded the following from several mirrors: >>>> >>>> 33068436 Apr 14 09:12 apache-activemq-5.3.1-bin.tar.gz >>>> 197 Apr 14 09:51 apache-activemq-5.3.1-bin.tar.gz.asc >>>> 14086 Apr 14 09:24 KEYS.txt >>>> >>>> and performed these steps: >>>> >>>> gpg --import KEYS.txt >>>> gpg: key F5BA7E4F: "Hiram Chirino <[email protected]>" not changed >>>> gpg: key 56F3E01B: "David Jencks (geronimo) <[email protected]>" >>>> not >>>> changed >>>> gpg: key 456DFEA9: "David M. Johnson (Dave Johnson) < >>>> [email protected]>" >>>> not changed >>>> gpg: key 17AA5B25: "David Johnson <[email protected]>" not changed >>>> gpg: key 69CC103E: "Gary Tully (key for apache releases) >>>> <[email protected]>" not changed >>>> gpg: key 2C983957: "Bruce Snyder <[email protected]>" not changed >>>> gpg: key 6852C7DA: "Dejan Bosanac <[email protected]>" not changed >>>> gpg: Total number processed: 7 >>>> gpg: unchanged: 7 >>>> >>>> gpg --verify apache-activemq-5.3.1-bin.tar.gz.asc >>>> gpg: Signature made Thu Mar 18 10:38:14 2010 EDT using DSA key ID >>>> 6852C7DA >>>> gpg: BAD signature from "Dejan Bosanac <[email protected]>" >>>> >>>> Anyone else hitting this issue? I'm reluctant to proceed with >>>> installing >>>> this release. >>>> >>>> gpg --version >>>> gpg (GnuPG) 1.4.7 >>>> Copyright (C) 2006 Free Software Foundation, Inc. >>>> This program comes with ABSOLUTELY NO WARRANTY. >>>> This is free software, and you are welcome to redistribute it >>>> under certain conditions. See the file COPYING for details. >>>> >>>> Home: ~/.gnupg >>>> Supported algorithms: >>>> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA >>>> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH >>>> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 >>>> Compression: Uncompressed, ZIP, ZLIB, BZIP2 >>>> >>>> >>>> -- >>>> View this message in context: >>>> http://old.nabble.com/BAD-signature-on-ActiveMQ-5.3.1-unix-binary-download--tp28243080p28243080.html >>>> Sent from the ActiveMQ - User mailing list archive at Nabble.com. >>>> >>>> >>> >> > > > ----- > Dejan Bosanac > > Open Source Integration - http://fusesource.com/ > ActiveMQ in Action - http://www.manning.com/snyder/ > Blog - http://www.nighttale.net > -- View this message in context: http://old.nabble.com/BAD-signature-on-ActiveMQ-5.3.1-unix-binary-download--tp28243080p28244048.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
