Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by kpdyer@kpdyer

GPG signature is broken for GCC 4.8.3

GCC 4.8.3 is signed by RSA key ID FC26A641.

$ gpg --verify gcc-4.8.3.tar.bz2.sig 
gpg: Signature made Thu May 22 04:09:35 2014 PDT using RSA key ID FC26A641
gpg: Good signature from "Richard Guenther <rguenth@tat.physik.uni-tuebingen.de>"
gpg:                 aka "Richard Guenther (GCC) <rguenth@gcc.gnu.org>"
...

This key is not included in our GCC keyring:

$ gpg gitian/gpg/GCC.gpg 
pub  1024D/C3C45C06 2004-04-21 Jakub Jelinek <jakub@redhat.com>
sub  2048g/241CF083 2004-04-21 [expires: 2020-09-10]
$

So, when I build the tor-browser-bundle, I get:

...
2014-10-07 10:26:55 (14.4 MB/s) - `gcc-4.8.3.tar.bz2.sig' saved [280/280]

GCC: GPG signature is broken for https://ftp.gnu.org/gnu/gcc/gcc-4.8.3/gcc-4.8.3.tar.bz2

Actually, there are six keys that can sign the GCC releases:

https://gcc.gnu.org/mirrors.html

So, we probably want to update gitian/gpg/GCC.gpg to include all six keys.

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information