tianon / gosu

Simple Go-based setuid+setgid+setgroups+exec
Apache License 2.0

Couldn't install gosu because the signature could not be verified #31

Closed buchireddy closed 7 years ago

buchireddy commented 7 years ago

Hi,

I'm unable to install gosu in my Docker image. I have changed the keyserver URL as mentioned in other issues because I'm behind a firewall, and I see that the public key is imported correctly, but it fails in the verification step.

Output of the docker build command:

Step 4 : ENV GOSU_VERSION 1.9
 ---> Using cache
 ---> 66a08125700f
Step 5 : RUN mkdir -p /etc/app/config
 ---> Using cache
 ---> 47dd63641ac8
Step 6 : RUN apt-get update &&  apt-get install -y --no-install-recommends unzip apt-transport-https ca-certificates curl
 ---> Using cache
 ---> c28b932deba6
Step 7 : RUN dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" &&     curl "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" -o /usr/local/bin/gosu &&     curl "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" -o /usr/local/bin/gosu.asc
 ---> Using cache
 ---> 99b1fd766a4d
Step 8 : RUN export GNUPGHOME="$(mktemp -d)" &&     gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 &&     gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu
 ---> Running in 51df7ccf1705
gpg: keyring `/tmp/tmp.2rv7a664W5/secring.gpg' created
gpg: keyring `/tmp/tmp.2rv7a664W5/pubring.gpg' created
gpg: requesting key BF357DD4 from hkp server p80.pool.sks-keyservers.net
gpg: /tmp/tmp.2rv7a664W5/trustdb.gpg: trustdb created
gpg: key BF357DD4: public key "Tianon Gravi <tianon@tianon.xyz>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
The command '/bin/sh -c export GNUPGHOME="$(mktemp -d)" &&     gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 &&     gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu' returned a non-zero code: 2

Any ideas?

tianon commented 7 years ago

"no valid OpenPGP data found" sounds like something happened to your HKP traffic (proxy?)

You can try hkps, i.e., https://sks-keyservers.net/overview-of-pools.php#pool_hkps, but I'd recommend trying again (to see if it was a temporary issue) and/or verifying whether your proxy configuration is correct (or something else is interfering with your network traffic).

buchireddy commented 7 years ago

Yeah, there could be some proxy/firewall in my organization.

I have tried with hkps and that didn't help either.

Step 8 : RUN export GNUPGHOME="$(mktemp -d)" &&     gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 &&     gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu
 ---> Running in f497015f7411
gpgkeys: HTTP fetch error 1: unsupported protocol
gpg: keyring `/tmp/tmp.nr6N5hjZPa/secring.gpg' created
gpg: keyring `/tmp/tmp.nr6N5hjZPa/pubring.gpg' created
gpg: requesting key BF357DD4 from hkps server hkps.pool.sks-keyservers.net
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: ?
gpg: keyserver communications error: g10err=127
gpg: keyserver receive failed: g10err=127

buchireddy commented 7 years ago

Hmm.. It's so weird. I just found that I'm not seeing this issue if I use wget -O instead of curl -o. This might be some curl nuance. Any ideas please?

buchireddy commented 7 years ago

Never mind. The failure was because I wasn't following the redirects. Using curl -L -o fixed the issue.
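
The failure resolved in the last comment (curl without -L saving the redirect response instead of the release files, so gpg finds no OpenPGP data in gosu.asc) can be caught before gpg runs. The following is an added example, not part of the original thread or the gosu project: the function names are hypothetical, the sample files are constructed, and it assumes the .asc is an ASCII-armored detached signature.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes the release .asc is an
# ASCII-armored detached signature.

# classify_download FILE: print empty | html | pgp-signature | unknown
classify_download() {
    if [ ! -s "$1" ]; then
        echo empty
        return 0
    fi
    # Inspect only the first bytes, lower-cased, with NULs stripped.
    head_bytes=$(head -c 512 "$1" | tr -d '\000' | tr 'A-Z' 'a-z')
    case $head_bytes in
        *'-----begin pgp signature-----'*) echo pgp-signature ;;
        *'<html'*|*'<!doctype'*)           echo html ;;
        *)                                 echo unknown ;;
    esac
}

# fetch_release URL DEST: -L follows the redirect; -f makes curl exit non-zero
# on an HTTP error instead of saving the error page as the artifact.
fetch_release() {
    curl -fsSL "$1" -o "$2"
}

# verify_download BIN SIG: refuse to hand gpg something that is not a
# signature, which is clearer than "no valid OpenPGP data found".
verify_download() {
    kind=$(classify_download "$2")
    if [ "$kind" != pgp-signature ]; then
        echo "$2 is not a PGP signature (looks like: $kind); missing curl -L?" >&2
        return 1
    fi
    gpg --batch --verify "$2" "$1"
}

# Constructed samples: a redirect body as saved without -L, and an armor stub.
demo=$(mktemp -d)
printf '%s\n' '<html><body>You are being redirected.</body></html>' > "$demo/bad.asc"
printf '%s\n' '-----BEGIN PGP SIGNATURE-----' '(constructed placeholder)' \
    '-----END PGP SIGNATURE-----' > "$demo/good.asc"
classify_download "$demo/bad.asc"    # prints: html
classify_download "$demo/good.asc"   # prints: pgp-signature
rm -rf "$demo"
```

In a Dockerfile RUN step, fetch_release would replace the two plain curl -o calls and verify_download would replace the bare gpg --batch --verify.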