Release v1.1.4 broken manifest
Opened this issue · 1 comments
There are three issues with https://github.com/crypto-power/cryptopower/releases/tag/v1.1.4
Issue 1:
sha256sum -c cryptopower-v1.1.4-manifest.txt
cryptopower-v1.1.4.apk: OK
sha256sum: cryptopower-darwin-amd64-v1.1.4.app.zip: No such file or directory
cryptopower-darwin-amd64-v1.1.4.app.zip: FAILED open or read
sha256sum: cryptopower-darwin-arm64-v1.1.4.app.zip: No such file or directory
cryptopower-darwin-arm64-v1.1.4.app.zip: FAILED open or read
cryptopower-linux-amd64-v1.1.4: OK
cryptopower-linux-arm64-v1.1.4: OK
cryptopower-windows-386-v1.1.4.exe: OK
cryptopower-windows-amd64-v1.1.4.exe: OK
sha256sum: WARNING: 2 listed files could not be read
Just renaming the cryptopower-darwin-*
files to include the .app
suffix will fix this. The hashes match otherwise.
Issue 2:
gpg signature check fails because it was created with EDDSA key 45BBDA8A927C44360B18ECC0FF54551AB3BF7E89
. The expected key fingerprint is 5C26BFEC6C2466A528D5551CD05AC74F68976E52
, taken from https://github.com/crypto-power/cryptopower/releases/tag/v1.0.0
Issue 3:
The cryptopower-v1.1.4-manifest.txt.asc
file says Hash: SHA512
in it but the hash algo used is SHA256. This is a minor bug that doesn't prevent verification for me, but it may break verification for software/scripts that actually read this value.
issues 1 and 2 are resolved as at the time to writing this, please check again
however, the cryptopower-v1.1.4-manifest.txt.asc
file is auto generated by gpg
, not sure it's a good idea to manually edit it