Tor Browser builds are broken due to failing pycrypto signature check
When downloading pycrypto
and checking its signature we get
gpg: Signature made Tue 15 Oct 2013 12:39:39 AM CEST using DSA key ID 2C77FFB0
gpg: Good signature from "Dwayne Litzenberger <dlitz@dlitz.net>"
gpg: aka "Dwayne C. Litzenberger <dlitz@dlitz.net>"
gpg: WARNING: Using untrusted key!
[GNUPG:] KEYEXPIRED 1476988881
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] KEYEXPIRED 1476988881
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] SIG_ID WkH8dtL73r6jNEtq6iuYq1lo2yQ 2013-10-14 1381790379
[GNUPG:] KEYEXPIRED 1476988881
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] EXPKEYSIG 9B8AA8CA2C77FFB0 Dwayne Litzenberger <dlitz@dlitz.net>
[GNUPG:] KEYEXPIRED 1476988881
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] VALIDSIG E110D9A8C590EE8C2049B21C9B8AA8CA2C77FFB0 2013-10-14 1381790379 0 4 0 17 10 00 19E11FE8B3CFF273ED174A24928CEC1339C25CF7
PYCRYPTO: GPG signature is broken for https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
But we do in fetch-inputs.sh
if grep -q '^\[GNUPG:\] GOODSIG ' "$tmpfile"; then
return 0
else
return 1
Thus, we fail hard.