Wrong values of checksums in buildinfo for server and web

[pdulvp]

When comparing the SHA256 (or sha1/md5) checksum of a downloaded deb for the server and the web part, it doesn't match with the one defined in the buildinfo. (Note that is OK for ffmpeg part)

Testcase:
Go to https://repo.jellyfin.org/?path=/server/debian/latest-stable/amd64
Open the build info, e.g. jellyfin_10.10.7+deb11_amd64.buildinfo

 6996f6c985cc5102078aa75a9d5a13e620f84cbf41f46a2ad630d286774e5cac 46843700 jellyfin-server_10.10.7+deb11_amd64.deb
 83c7cc98486d3168882d4c29de7a453f41049e819fa759bd57ff55c64ec4637a 32747204 jellyfin-web_10.10.7+deb11_all.deb
 12a7132b52cf7f4a3042d655c95e0e322971a443fd252af53a609803e5179a96 1936 jellyfin_10.10.7+deb11_all.deb

Compute (sha256sum) or open the mirror page of the corresponding deb, (it contains on the right the computed sha256 of the deb). It doesn't match.
e.g. https://repo.jellyfin.org/files/server/debian/latest-stable/amd64/jellyfin-web_10.10.7+deb11_all.deb?mirrorlist
e.g. https://repo.jellyfin.org/files/server/debian/latest-stable/amd64/jellyfin-server_10.10.7+deb11_amd64.deb?mirrorlist

Is there some post actions after the build that might invalid it ?
Thanks

[joshuaboniface]

The full build process is here: https://github.com/jellyfin/jellyfin-packaging/blob/master/.github/workflows/release-build.yaml#L50

The only step that would modify the files is debsigs, which signs the packages. I suspect this is why they do not match.