How to verify package signatures in readme.txt.asc (v1.6.2)? #1049

yinso · 2023-10-02T03:59:31Z

yinso
Oct 2, 2023

Hi,
I am trying to verify the package signature for opensnitch_1.6.2-1_amd64.deb on Ubuntu 22.04.

$ sha1sum opensnitch_1.6.2-1_amd64.deb
88cdec1bd2f193bcd2298e225c0c03f39b7fe0e7  opensnitch_1.6.2-1_amd64.deb

which is different from the checksum in the corresponding readme.txt.asc

338b8effbab3d33d4ab345c4b2f1796af1a8eca4  bins/opensnitch_1.6.2-1_amd64.deb

Please let me know if I am doing something incorrectly, thanks.

RyanZim · 2023-10-02T17:49:31Z

RyanZim
Oct 2, 2023

Same result here; and it seems you're following the correct process, as this works correctly for v1.6.1 and v.1.6.3 (UI).

2 replies

yinso Oct 3, 2023
Author

Thanks @RyanZim - does that mean the readme.txt/asc files should be updated?

RyanZim Oct 4, 2023

Seems like there's a problem with them, yes.

RyanZim · 2023-10-24T23:27:55Z

RyanZim
Oct 24, 2023

https://github.com/evilsocket/opensnitch/releases/tag/v1.6.2 now has a note:

[updated 07/10/2023]
readme.txt.asc updated to reflect the correct checksums. The .deb/.rpm files are signed individually after being built, thus the checksums changes.

The readme.txt.asc has been updated, and now lists 88cdec1bd2f193bcd2298e225c0c03f39b7fe0e7 as the correct hash.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How to verify package signatures in readme.txt.asc (v1.6.2)? #1049

{{title}}

Replies: 2 comments 2 replies

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

How to verify package signatures in readme.txt.asc (v1.6.2)? #1049

yinso Oct 2, 2023

Replies: 2 comments · 2 replies

RyanZim Oct 2, 2023

yinso Oct 3, 2023 Author

RyanZim Oct 4, 2023

RyanZim Oct 24, 2023

yinso
Oct 2, 2023

Replies: 2 comments 2 replies

RyanZim
Oct 2, 2023

yinso Oct 3, 2023
Author

RyanZim
Oct 24, 2023