Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Den här webbplatsen har begränsad funktionalitet medan vi utför underhåll för att förbättra din upplevelse. Om en artikel inte löser ditt problem och du vill ställa en fråga har vi vår gemenskap som väntar på att hjälpa dig på @FirefoxSupport på Twitter, /r/firefox på Reddit.

Sök i support

Akta dig för supportbedrägerier: Vi kommer aldrig att be dig att ringa eller skicka ett sms till ett telefonnummer eller dela personlig information. Rapportera misstänkt aktivitet med alternativet "Rapportera missbruk".

Läs mer

bad PGP/GPG signatures for all Win32 Mozilla firefox partial.mar files

  • 5 svar
  • 20 har detta problem
  • 9 visningar
  • Senaste svar av Brown Fox

more options

I checked the .asc signature for the Mozilla 12.0 update firefox-11.0-12.0.partial.mar and came up with:

Signature made Fri, Apr 20, 2012 21:24:01 EDT using DSA key ID C52175E2 BAD signature from "Mozilla Software Releases <releases@mozilla.org>"

The MD5, SHA1 and SHA512 checksums come back OK.

I checked the .asc signature for the Mozilla 12.0 update firefox-11.0-12.0.partial.mar and came up with: Signature made Fri, Apr 20, 2012 21:24:01 EDT using DSA key ID C52175E2 BAD signature from "Mozilla Software Releases <releases@mozilla.org>" The MD5, SHA1 and SHA512 checksums come back OK.

Ändrad av Carolina Calling

Alla svar (5)

more options

Hello carolinacalling,

I'm sorry to hear that you are experiencing some issues with the Mozilla Firefox installation and would like to apologize for the long wait time. It seems like you are trying to download Firefox from an unofficial website (Cygwin). The signature problem doesn't seem to be some big trouble, but I would rather download the web browser from the official download page to ensure stability and security of your web activities.

If you have any more inquiries regarding this matter, please feel free to write them in a reply below.

Thank you for your valuable time and your great patience and all your interest in Mozilla Firefox. Surf safe and have a great day!

more options

An interesting interpretation of the facts...

Cygwin, an OpenSource project of Red Hat Inc., (available at http://cygwin.com) is:

   • a collection of tools which provide a Linux look and feel environment for Windows.
   • a DLL (cygwin1.dll) which acts as a Linux API layer providing substantial Linux API functionality. 

Now, using these tools, specifically the rsync tool (which uses the rsync TCP/IP protocol), I downloaded the update MAR file from the OFFICIAL site using the Rsync address:

rsync://releases-rsync.mozilla.org::mozilla-releases/firefox/releases/12.0/update/win32/en-US/firefox*.mar*

(This is equivalent to: http://releases.mozilla.org/pub/mozilla.org/firefox/releases/12.0/update/win32/en-US/)

This retrieved:

firefox-11.0-12.0.partial.mar
firefox-11.0-12.0.partial.mar.asc
firefox-12.0.complete.mar
firefox-12.0.complete.mar.asc

The .asc extension is short for ASCII (alternatively, this could be, by convention, .sig,) and contains the digital signature generated using the "Mozilla Software Releases" PGP'/GPG key, DSA key ID C52175E2. PGP/GPG are authentication tools that use the RSA encryption algorithm to generate digital signatures that guarantee the veracity of a file or message. The signature for firefox-11.0-12.0.partial.mar does NOT verify. The output of GPG is:

+ gpg --verify firefox-11.0-12.0.partial.mar.asc firefox-11.0-12.0.partial.mar
...
gpg: Signature made Fri, Apr 20, 2012 21:24:01 EDT using DSA key ID C52175E2
gpg: BAD signature from "Mozilla Software Releases "

Official MD5, SHA1 and SHA512 checksums are also available for this file and its signature. They DO verify properly. For example:

+ md5sum -c .md5sum (.md5sum is extracted from MD5SUMS)
...
update/win32/en-US/firefox-12.0.complete.mar: OK
update/win32/en-US/firefox-12.0.complete.mar.asc: OK
update/win32/en-US/firefox-11.0-12.0.partial.mar: OK
update/win32/en-US/firefox-11.0-12.0.partial.mar.asc: OK

Would someone, please, check why a bad PGP/GPG signature for this file is being distributed? All the Mozilla12.0 partial.mar signatures I've checked (en-{GB,US,ZA}, zh-{CN,TW}) are bad.

more options

To continue this little saga, the latest Firefox, 13.0, continues to have the same problem with the partial.mar files. (BTW, Thunderbird has this problem, too!) I.E, the file firefox-12.0-13.0.partial.mar.asc has a bad signature in all the cases I checked (en-{GB,US,ZA},zh-{CN,TW},ru,fr). Again, all the checksums verify.

Can someone on the release team (logistics?), please, please, please, generate correct PGP/GPG signatures for the partial.mar files (in Firefox and Thunderbird).

Ändrad av Carolina Calling

more options

Yet again, for Firefox 13.0.1, the partial mar files do not verify against the asc files. This is true for all the cases I checked (en-{GB,US,ZA},zh-{CN,TW},ru,fr,hu). The only Thunderbird 13.0.1 partial mar file I checked (en-US) also failed. As before, the MD5, SHA1 and SHA512 checksums of the incorrect asc files verify.

I find it odd that having these asc files verifying isn't a release criteria....

Ändrad av Carolina Calling

more options

Did the MD5 values check out? Could you display what MD5 values you received from the site?