GPG signature is broken for GCC 4.8.3
GCC 4.8.3 is signed by RSA key ID FC26A641.
$ gpg --verify gcc-4.8.3.tar.bz2.sig gpg: Signature made Thu May 22 04:09:35 2014 PDT using RSA key ID FC26A641 gpg: Good signature from "Richard Guenther <firstname.lastname@example.org>" gpg: aka "Richard Guenther (GCC) <email@example.com>" ...
This key is not included in our GCC keyring:
$ gpg gitian/gpg/GCC.gpg pub 1024D/C3C45C06 2004-04-21 Jakub Jelinek <firstname.lastname@example.org> sub 2048g/241CF083 2004-04-21 [expires: 2020-09-10] $
So, when I build the tor-browser-bundle, I get:
... 2014-10-07 10:26:55 (14.4 MB/s) - `gcc-4.8.3.tar.bz2.sig' saved [280/280] GCC: GPG signature is broken for https://ftp.gnu.org/gnu/gcc/gcc-4.8.3/gcc-4.8.3.tar.bz2
Actually, there are six keys that can sign the GCC releases:
So, we probably want to update
gitian/gpg/GCC.gpg to include all six keys.