-
Notifications
You must be signed in to change notification settings - Fork 769
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error verifying signature: Invalid GPG signature: (*packet.Signature)( "nil)" #2238
Comments
Thanks for reaching out. That failure doesn’t look like something that should be significantly affected by the build environment; it’s a direct outcome of parsing that signature, with My first guess, absurd as it may seem, is be that, in fact, the two reproducers are not reading the same |
Its the same signature, it's pulled from a repo location. The wrench in the works maybe grs-grp package from gara-sign. |
A friendly reminder that this issue had no activity for 30 days. |
I've built Here's the FROM ubuntu:20.04 AS skopeo-build
ENV GO_VERSION=1.21.8
ENV SKOPEO_VERSION=1.15.0
ENV DEBIAN_FRONTEND=noninteractive
RUN apt update
RUN apt install --no-install-recommends -y curl git-core gcc make pkg-config libgpgme-dev ca-certificates
WORKDIR /usr/local
RUN curl -fsSL "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" \
| tar -xzf - --strip-components=1
ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
WORKDIR /usr/src/skopeo
RUN curl -fsSL "https://github.com/containers/skopeo/archive/refs/tags/v${SKOPEO_VERSION}.tar.gz" \
| tar -xzf - --strip-components=1
RUN CGO_ENABLED=1 DISABLE_DOCS=1 make BUILDTAGS="exclude_graphdriver_btrfs exclude_graphdriver_devicemapper" GO_DYN_FLAGS=
RUN ./bin/skopeo --version
FROM ubuntu:20.04
ENV DEBIAN_FRONTEND=noninteractive
RUN apt update
RUN apt install --no-install-recommends -y libgpgme11
COPY --from=skopeo-build /usr/src/skopeo/bin/skopeo /usr/local/bin/
COPY --from=skopeo-build /usr/src/skopeo/default-policy.json /etc/containers/policy.json
RUN skopeo --version You can bump I build it on my Fedora workstation like this: podman build --pull --tag skopeo-binary .
container_id=$(podman create localhost/skopeo-binary:latest)
# Extract the new "skopeo" executable into the current working directory:
podman cp $container_id:/usr/local/bin/skopeo .
# Clean up the Ubuntu container:
podman rm $container_id
# Distribute the binary somewhere that my CI system can download it:
ssh webserver.example.com "mkdir public_html/somewhere/skopeo-1.15.0/"
rsync skopeo webserver.example.com:public_html/somewhere/skopeo-1.15.0/ |
By the way @jam49 , I also use garasign at my employer. I wonder if our environments are similar ... |
A friendly reminder that this issue had no activity for 30 days. |
Investigating a bit more, this error should is reported when the key ID in the signature does not match any of the provided keys. I don’t see anything obviously related to the version differences reported above triggering the error. I have filed containers/image#2466 to improve the error message, at least, so that it includes the non-matching key ID. |
A friendly reminder that this issue had no activity for 30 days. |
The error reporting improvement was just included in recently-released Skopeo 1.16.0. For now I’ll assume that the key mismatch was the underlying cause, but please reopen if that’s not the case. |
I tried building the new version (eg 1.14.x) for ubuntu 20.04 as per:
#1648
However once built i get :
Error verifying signature: Invalid GPG signature: (*packet.Signature)( "nil)"
when runningskopeo standalone-verify manifest.json <image name> ${gpgkeyfingerprint} signature-1
When running the same command with the skopeo version that comes with ubuntu 20.04 (v1.5.0) the signature verifies fine.
Is there something special about the build in the ubuntu repo?
The text was updated successfully, but these errors were encountered: