Open ghost opened 8 years ago
You might have a package in your local cache that was signed improperly or not signed at all. Try nuking the local cache and trying again. Make sure you've done lit auth
with your github username first.
To nuke the local cache, do something like rm -rf ~/.litdb.git
.
$ rm -fr ~/.litdb.git/
$ lit auth
lit version: 2.2.16
luvi version: v2.4.0
command: auth
load config: .../.litconfig
username: urzds
name: ...
email: ...
privateKey: .../.ssh/id_rsa
Enter PEM pass phrase:
checking ssh fingerprint: ...
github request: https://api.github.com/users/urzds/keys?per_page=100
imported key: urzds ...
done: success
$ lit publish
lit version: 2.2.16
luvi version: v2.4.0
command: publish
load config: .../.litconfig
checking for updates: urzds/date
connecting: wss://lit.luvit.io/
fetching: 1 object
fetching: 1 object
fetching: 1 object
fetching: 1 object
fetching: 1 object
fetching: 1 object
fetching: 1 object
fetching: 1 object
including dependency: deep-equal (0.1.2)
including dependency: pretty-print (1.0.4)
including dependency: require (1.3.0)
including dependency: tap (0.1.1)
snapshot hash: 26350d9d9431369e1f2748fe19d20d3b070132b6
new tag: urzds/date/v0.0.1
publishing: urzds/date/v0.0.1
fail: [string "bundle:libs/codec.lua"]:126: Signature verification failure
stack traceback:
[C]: in function 'assert'
[string "bundle:libs/codec.lua"]:126: in function 'read'
[string "bundle:libs/rdb.lua"]:223: in function 'push'
[string "bundle:libs/core.lua"]:279: in function 'publish'
[string "bundle:/commands/publish.lua"]:11: in function 'fn'
[string "bundle:deps/require.lua"]:293: in function 'require'
[string "bundle:main.lua"]:50: in function <[string "bundle:main.lua"]:38>
[C]: in function 'xpcall'
[string "bundle:main.lua"]:38: in function <[string "bundle:main.lua"]:31>
Updating lit to HEAD fixed this.
Could #139 have something to do with this? (Do lit auth
and lit publish
take different code-paths to get the SSH key? Which would then relate in a mismatched signature?)
lit auth
takes a more direct path, but both should use the auto-config logic that was broken for anyone using custom private key paths.
I just published lit 2.2.17 with recent fixes and updated deps.
lit publish
fails for an unknown reason withSignature verification failure
: