Bug 440927

Summary: Verifying PGP Signature Fails
Product: [Applications] digikam Reporter: software_frank
Component: Bundle-MacOSAssignee: Digikam Developers <digikam-bugs-null>
Status: RESOLVED FIXED    
Severity: normal CC: anno2300, caulier.gilles
Priority: NOR    
Version: 7.3.0   
Target Milestone: ---   
Platform: macOS (DMG)   
OS: macOS   
Latest Commit: Version Fixed In: 7.5.0
Sentry Crash Report:
Attachments: gpg session for key verification

Description software_frank 2021-08-13 13:48:09 UTC 
Created attachment 140691 [details]
gpg session for key verification

SUMMARY

The package digiKam-7.3.0-MacOS-x86-64.pkg fails PGP signature verification with the key digikamdeveloper@gmail.com (D1CF 2444 A785 8C5F 2FB0...).  Other downloads, for example the 7.2.0 macOS package and the 7.3.0 Windows package pass the verification step, so something is wrong with this specific package.

STEPS TO REPRODUCE
1. Download digiKam-7.3.0-MacOS-x86-64.pkg from any mirror
2. Download the accompanying PGP signature
3. Import the digiKam public key.
4. Verify the signature with gpg --verify <>.sig <>. 

OBSERVED RESULT

gpg reports that the package signature is invalid.

EXPECTED RESULT

gpg reports that the package signature is valid.

SOFTWARE/OS VERSIONS
Windows: 
macOS: 11.5.2 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION
Comment 1 anno2300 2021-09-19 09:16:17 UTC 
Same problem for me, even if i want to verify the digiKam-7.3.0-MacOS-x86-64.pkg in a linux machine, gpg reports that the package signature is invalid. The 7.2.0 was checked correctly for me. Why is this not fixed since over a month now?
Comment 2 caulier.gilles 2021-12-13 10:19:23 UTC 
Frank,

Stable digiKam 7.4.0 MacOS Package is published. Please check if problem is
reproducible.

Thanks in advance

Gilles Caulier
Comment 3 software_frank 2021-12-13 15:48:14 UTC 
The problem appears to be fixed in the digiKam 7.4.0 macOS release.  The PGP signature is valid using the public key from digiKam.org (digikamdeveloper@gmail.com) with fingerprint D1CF 2444 A785 8C5F 2FB0  95B7 4A77 747B C238 6E50.  Many thanks.