New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Misleading error message "GPG verification enabled, but no signatures found" #388
Comments
Ah, you need the gpg key in binary format.
However, this gives me: Which means you need to run this on the repo:
I would also recommend passing in --generate-static-deltas to build-update-repo as it will generate single-file deltas for updates and from-scratch installs, which performs better than many http requests. |
Sorry about not responding earlier btw, was away a bit. |
BTW, using the asc file worked just as well, this didn't make a difference. I am running:
I'll do that when things start working |
@aleixpol Hmm, i dunno if Do you get a |
Yes, and actually I've done it with both and I get the same behaviour. |
Ah, yeah, sorry, I misread the above error it seems. The gpg signature for the summary does indeed exists, its the one for the commit that it complains about. Lemme look at that. |
Quick debugging: The ref for the platform is runtime/org.kde.Platform/x86_64/master which we can see at http://distribute.kde.org/flatpak-testing/refs/heads/runtime/org.kde.Platform/x86_64/master points to That commit exists in the repo as: However, the signature for the commit should be a "*.commitmeta" with the same basename next to it, so for some reason the commit is not signed. Did you specify --gpg-sign=KEY-ID to flatpak-builde when you built the app? |
That's possibly what's missing (although maybe Anyway, I'm getting a segfault when calling
🔥 |
BTW, these are the scripts we're using: https://quickgit.kde.org/?p=flatpak-kde-runtime.git&a=blob&h=72fb2c7d760f9de3173134cd58822128766cc395&hb=a9d1b67f71b6a1936a1628bbfb7a98c99c6b4427&f=Makefile I'm thinking that we should include |
If --gpg-sign= is part of ${EXPORT_ARGS}, then that should be fine, as it will be passed to flatpak-builder. That said, its weird that build-sign is crashing, maybe its regressed at some point. |
Yeah, it crashes here too, we should fix that.
|
Rebuilding everything without |
So, as a user, now that you have figured this out, is there anything flatpak could do that would have helped you here? |
In retrospect, I'd say that it would be great if Also what I ended up doing was passing the gpg args to In general, for me, the frustrating bit with flatpak is that everything works until in the very end when it fails, then tracing the issue back is very hard for me (due to inexperience on the technology, for sure). |
Seeing as I'm running into almost identical issues here:
Let's just say I agree with @aleixpol that there are some gaps in the documentation process when it comes to repo management & signing. |
I'm unable to install our runtimes because I get the following error
GPG verification enabled, but no signatures found
.The repository in question is the following: http://distribute.kde.org/flatpak-testing/
Which does offer a signature file: http://distribute.kde.org/flatpak-testing/summary.sig
The repository was set up as described in the wiki: https://community.kde.org/Flatpak
The text was updated successfully, but these errors were encountered: