search

luvit / lit

Toolkit for developing, sharing, and running luvit/lua programs and libraries.
http://lit.luvit.io/
Apache License 2.0
245 stars 58 forks source link

lit publish - Signature verification failure #142

Open ghost opened 8 years ago

ghost commented 8 years ago

lit publish fails for an unknown reason with Signature verification failure:

$ lit publish
lit version: 2.2.16
luvi version: v2.4.0
command: publish
load config: .../.litconfig
checking for updates: urzds/luvit-date
connecting: wss://lit.luvit.io/
no change: urzds/luvit-date/v0.0.1
publishing: urzds/luvit-date/v0.0.1
fail: [string "bundle:libs/codec.lua"]:126: Signature verification failure
stack traceback:
        [C]: in function 'assert'
        [string "bundle:libs/codec.lua"]:126: in function 'read'
        [string "bundle:libs/rdb.lua"]:223: in function 'push'
        [string "bundle:libs/core.lua"]:279: in function 'publish'
        [string "bundle:/commands/publish.lua"]:11: in function 'fn'
        [string "bundle:deps/require.lua"]:293: in function 'require'
        [string "bundle:main.lua"]:50: in function <[string "bundle:main.lua"]:38>
        [C]: in function 'xpcall'
        [string "bundle:main.lua"]:38: in function <[string "bundle:main.lua"]:31>
creationix commented 8 years ago

You might have a package in your local cache that was signed improperly or not signed at all. Try nuking the local cache and trying again. Make sure you've done lit auth with your github username first.

To nuke the local cache, do something like rm -rf ~/.litdb.git.

ghost commented 8 years ago 
$ rm -fr ~/.litdb.git/
$ lit auth
lit version: 2.2.16
luvi version: v2.4.0
command: auth
load config: .../.litconfig
username: urzds
name: ...
email: ...
privateKey: .../.ssh/id_rsa
Enter PEM pass phrase:
checking ssh fingerprint: ...
github request: https://api.github.com/users/urzds/keys?per_page=100
imported key: urzds ...
done: success
$ lit publish
lit version: 2.2.16
luvi version: v2.4.0
command: publish
load config: .../.litconfig
checking for updates: urzds/date
connecting: wss://lit.luvit.io/
fetching: 1 object
fetching: 1 object
fetching: 1 object
fetching: 1 object
fetching: 1 object
fetching: 1 object
fetching: 1 object
fetching: 1 object
including dependency: deep-equal (0.1.2)
including dependency: pretty-print (1.0.4)
including dependency: require (1.3.0)
including dependency: tap (0.1.1)
snapshot hash: 26350d9d9431369e1f2748fe19d20d3b070132b6
new tag: urzds/date/v0.0.1
publishing: urzds/date/v0.0.1
fail: [string "bundle:libs/codec.lua"]:126: Signature verification failure
stack traceback:
        [C]: in function 'assert'
        [string "bundle:libs/codec.lua"]:126: in function 'read'
        [string "bundle:libs/rdb.lua"]:223: in function 'push'
        [string "bundle:libs/core.lua"]:279: in function 'publish'
        [string "bundle:/commands/publish.lua"]:11: in function 'fn'
        [string "bundle:deps/require.lua"]:293: in function 'require'
        [string "bundle:main.lua"]:50: in function <[string "bundle:main.lua"]:38>
        [C]: in function 'xpcall'
        [string "bundle:main.lua"]:38: in function <[string "bundle:main.lua"]:31>
ghost commented 8 years ago

Updating lit to HEAD fixed this.

Could #139 have something to do with this? (Do lit auth and lit publish take different code-paths to get the SSH key? Which would then relate in a mismatched signature?)

creationix commented 8 years ago

lit auth takes a more direct path, but both should use the auto-config logic that was broken for anyone using custom private key paths.

I just published lit 2.2.17 with recent fixes and updated deps.