Hello All.
Would you please assist?
Problem:
Registering a signing script fails on pulp/pulp-minimal:3.31 started as API
The signing script works fine manually
Also, it seems the signing is completed but verification fails.
bash-4.4$ gpg testfile.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: assuming signed data in 'testfile'
gpg: Signature made Fri 18 Aug 2023 03:20:09 PM CEST
gpg: using RSA key E38DEFEB15E1356215FAC26E09EE34F78BEEB7E6
gpg: Good signature from "LSB (Linux RPM Software Repository TEST Vault) <solutions@list.com>" [ultimate]
The external gpg signer is HashiCorp Vault and plugin: vault-gpg-plugin
Expected outcome:
Need help to get more information on the error.
Pulpcore version:
ansible-core 2.13.11
pulpcore 3.31.0
Pulp plugins installed and their versions:
Operating system - distribution and version:
NAME="CentOS Stream"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Stream 8"
Other relevant data:
The signer script:
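FILE_PATH="$1"
SIGNATURE_PATH="$1.asc"
# Send the base64-encoded file to the Vault GPG signing endpoint and save the armored signature
curl -s --header "X-Vault-Token: $VAULT_TOKEN" -X POST \
  --data '{ "format" : "ascii-armor", "input" : "'"$(base64 -w0 "$1")"'" }' \
  "$VAULT_GPG_SIGNER" | jq -r .data.signature > "${SIGNATURE_PATH}" || exit $?
# Report the file and signature paths as JSON on stdout
echo "{\"file\": \"$FILE_PATH\", \"signature\": \"$SIGNATURE_PATH\"}"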
This is set for user pulp:
PULP_SIGNING_KEY_FINGERPRINT=E38DEFEB15E1356215FAC26E09EE34F78BEEB7E6
Register command:
/usr/local/bin/pulpcore-manager add-signing-service collection_signer_vault /var/lib/pulp/scripts/vault_collection_sign.sh E38DEFEB15E1356215FAC26E09EE34F78BEEB7E6
Output from register command.
/usr/local/bin/pulpcore-manager add-signing-service --gnupghome /var/lib/pulp/.gnupg collection_signer_vault /var/lib/pulp/scripts/vault_collection_sign.sh E38DEFEB15E1356215FAC26E09EE34F78BEEB7E6
pulp [None]: gnupg:WARNING: gpg returned a non-zero error code: 2
Traceback (most recent call last):
  File "/usr/local/bin/pulpcore-manager", line 8, in <module>
    sys.exit(manage())
  File "/usr/local/lib/python3.8/site-packages/pulpcore/app/manage.py", line 11, in manage
    execute_from_command_line(sys.argv)
  File "/usr/local/lib/python3.8/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
    utility.execute()
  File "/usr/local/lib/python3.8/site-packages/django/core/management/__init__.py", line 436, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 412, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 458, in execute
    output = self.handle(*args, **options)
  File "/usr/local/lib/python3.8/site-packages/pulpcore/app/management/commands/add-signing-service.py", line 89, in handle
    SigningService.objects.create(
  File "/usr/local/lib/python3.8/site-packages/django/db/models/manager.py", line 87, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/django/db/models/query.py", line 658, in create
    obj.save(force_insert=True, using=self.db)
  File "/usr/local/lib/python3.8/site-packages/pulpcore/app/models/content.py", line 870, in save
    self.validate()
  File "/usr/local/lib/python3.8/site-packages/pulpcore/app/models/content.py", line 908, in validate
    gpg_verify(self.public_key, return_value["signature"], temp_file.name)
  File "/usr/local/lib/python3.8/site-packages/pulpcore/app/util.py", line 294, in gpg_verify
    raise InvalidSignatureError(_("The signature is not valid."), verified=verified)
pulpcore.exceptions.validation.InvalidSignatureError: The signature is not valid.
Thank you.
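Added example, not part of the original post and not Pulp's own code: a diagnostic that runs a signing script on a throwaway file, inspects the JSON and signature file it returns, and collects gpg's machine-readable status lines, which say more than "The signature is not valid." The function name `check_signer` is hypothetical, and it assumes the script is invoked with the file path as its only argument and `PULP_SIGNING_KEY_FINGERPRINT` in its environment; run it as the pulp user so the script sees the same environment the service would.

```python
import json, os, shutil, subprocess, sys, tempfile

ARMOR = "-----BEGIN PGP SIGNATURE-----"

def check_signer(signer_argv, fingerprint, gnupghome=None):
    """Run a signing script on a throwaway file and report why verification could fail."""
    env = dict(os.environ, PULP_SIGNING_KEY_FINGERPRINT=fingerprint)
    if gnupghome:
        env["GNUPGHOME"] = gnupghome
    report = {"problems": [], "gpg_status": []}
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "payload")
        with open(target, "w") as fh:
            fh.write("signing service self-test\n")
        proc = subprocess.run(signer_argv + [target], env=env,
                              capture_output=True, text=True)
        report["returncode"], report["stderr"] = proc.returncode, proc.stderr.strip()
        try:
            sig_path = json.loads(proc.stdout)["signature"]
        except (ValueError, KeyError, TypeError):
            report["problems"].append("stdout is not JSON with a 'signature' key")
            return report
        if not os.path.isfile(sig_path):
            report["problems"].append("signature file was not written")
            return report
        with open(sig_path, errors="replace") as fh:
            head = fh.read(64)
        # `jq -r .data.signature` prints "null" when the response has no such field,
        # so the script can exit 0 while the .asc file holds no signature at all.
        if not head.startswith(ARMOR):
            report["problems"].append(
                f"signature file is not an armored signature: {head.strip()!r}")
            return report
        if shutil.which("gpg") is None:
            report["problems"].append("gpg not found on PATH")
            return report
        gpg = subprocess.run(["gpg", "--batch", "--status-fd", "1", "--verify",
                              sig_path, target], env=env, capture_output=True, text=True)
        report["gpg_status"] = [l for l in gpg.stdout.splitlines() if l.startswith("[GNUPG:]")]
        if not any(l.startswith("[GNUPG:] VALIDSIG") and fingerprint in l
                   for l in report["gpg_status"]):
            report["problems"].append("no VALIDSIG for the registered fingerprint")
    return report

if __name__ == "__main__":
    # usage: check_signer.py <fingerprint> <script> [gnupghome]
    home = sys.argv[3] if len(sys.argv) > 3 else None
    print(json.dumps(check_signer([sys.argv[2]], sys.argv[1], home), indent=2))
```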