X
Tap here to go to the mobile version of the site.

Support Forum

No public key for Firefox funnelcake.

Posted

When I download the latest version of Firefox from "https://www.mozilla.org/en-US/firefox/all/#en-US" It downloads Funnelcake.Sha 512 9afd084156f5fda909cc51b2ebf539e75f788fa4c80b78445797ceb845041c0838e287493a0f849d1f357ecf7493efc1adabc786eb53b80fbeff6e433cbb2506

When I go to "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" to verify via PGP I only see the the "Firefox 40.3.dmg.asc" but no public key like other releases. If I try to validate the "Firefox 40.3.dmg.asc" using the "Mozilla software release public key" it does not authenticate. But If I go to Firefox 40. it autheticates usung PGP and it has the public key in the folder "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/40.0/" Anyone know why?

When I download the latest version of Firefox from "https://www.mozilla.org/en-US/firefox/all/#en-US" It downloads Funnelcake.Sha 512 9afd084156f5fda909cc51b2ebf539e75f788fa4c80b78445797ceb845041c0838e287493a0f849d1f357ecf7493efc1adabc786eb53b80fbeff6e433cbb2506 When I go to "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" to verify via PGP I only see the the "Firefox 40.3.dmg.asc" but no public key like other releases. If I try to validate the "Firefox 40.3.dmg.asc" using the "Mozilla software release public key" it does not authenticate. But If I go to Firefox 40. it autheticates usung PGP and it has the public key in the folder "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/40.0/" Anyone know why?

Modified by James

Additional System Details

Installed Plug-ins

  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:40.0) Gecko/20100101 Firefox/40.0

More Information

FredMcD
  • Top 10 Contributor
4269 solutions 59868 answers

Did some research, and got very hungry looking thru all those cakes.

http://community.norton.com/en/search/site/Funnelcake

You are not alone.

Did some research, and got very hungry looking thru all those cakes. http://community.norton.com/en/search/site/Funnelcake You are not alone.
cor-el
  • Top 10 Contributor
  • Moderator
17578 solutions 158993 answers

Funnelcake builds are an experiment for (new) Firefox users that offer a different Firefox version for testing the user experience.

I don't think that there are checksums available for such special builds, they are only available for the official releases.

There are more such builds planned:

  • Bug 1202786 - Create funnelcake builds for OSX EN with a 2nd Tab at FirstRun.
  • Bug 1205743 - Create funnelcake builds for Firefox 41.0 to understand SEM acquired users
  • Bug 1184279 - Create funnelcake builds to test Firefox homepage variations

Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

Funnelcake builds are an experiment for (new) Firefox users that offer a different Firefox version for testing the user experience. I don't think that there are checksums available for such special builds, they are only available for the official releases. There are more such builds planned: *Bug 1202786 - Create funnelcake builds for OSX EN with a 2nd Tab at FirstRun. *Bug 1205743 - Create funnelcake builds for Firefox 41.0 to understand SEM acquired users *Bug 1184279 - Create funnelcake builds to test Firefox homepage variations <i>Please do not comment in bug reports<br>https://bugzilla.mozilla.org/page.cgi?id=etiquette.html</i>

Question owner

Then why is there a Firefox 40.3.dmg.asc file which is a signature file used with PGP?

Then why is there a Firefox 40.3.dmg.asc file which is a signature file used with PGP?
cor-el
  • Top 10 Contributor
  • Moderator
17578 solutions 158993 answers

OK, I missed the .asc file.

I see this on Linux in a terminal window with the KEY file present in the Firefox 40.0.3 release folder.

gpg --import <KEY
gpg: key D98F0353: public key "Mozilla Software Releases <release@mozilla.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

gpg -v --verify "Firefox 40.0.3.dmg.asc"
Version: GnuPG v2.0.14 (GNU/Linux)
gpg: armor header: 
gpg: assuming signed data in `Firefox 40.0.3.dmg'
gpg: Signature made Tue 15 Sep 2015 12:47:04 AM CEST using RSA key ID 5E9905DB
gpg: using subkey 5E9905DB instead of primary key D98F0353
gpg: using PGP trust model
gpg: Good signature from "Mozilla Software Releases <release@mozilla.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 14F2 6682 D091 6CDD 81E3  7B6D 61B7 B526 D98F 0353
     Subkey fingerprint: F2EF 4E6E 6AE7 5B95 F11F  1EB5 1C69 C4E5 5E99 05DB
gpg: binary signature, digest algorithm SHA1
OK, I missed the .asc file. I see this on Linux in a terminal window with the KEY file present in the Firefox 40.0.3 release folder. <pre><nowiki>gpg --import <KEY gpg: key D98F0353: public key "Mozilla Software Releases <release@mozilla.com>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) gpg -v --verify "Firefox 40.0.3.dmg.asc" Version: GnuPG v2.0.14 (GNU/Linux) gpg: armor header: gpg: assuming signed data in `Firefox 40.0.3.dmg' gpg: Signature made Tue 15 Sep 2015 12:47:04 AM CEST using RSA key ID 5E9905DB gpg: using subkey 5E9905DB instead of primary key D98F0353 gpg: using PGP trust model gpg: Good signature from "Mozilla Software Releases <release@mozilla.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 14F2 6682 D091 6CDD 81E3 7B6D 61B7 B526 D98F 0353 Subkey fingerprint: F2EF 4E6E 6AE7 5B95 F11F 1EB5 1C69 C4E5 5E99 05DB gpg: binary signature, digest algorithm SHA1</nowiki></pre>

Question owner

This doesn't tell me how to verify Funnel cake via PGP?

This doesn't tell me how to verify Funnel cake via PGP?