Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PHAR signature could not be verified #674

Closed
jakzal opened this issue Aug 26, 2021 · 8 comments
Closed

PHAR signature could not be verified #674

jakzal opened this issue Aug 26, 2021 · 8 comments

Comments

@jakzal
Copy link

jakzal commented Aug 26, 2021

Deptrac installation fails due to signature verification failure (btw, keys seem to have been changed again).

To reproduce:

phive --no-progress install deptrac -t deptrac
Phive 0.14.5 - Copyright (C) 2015-2021 by Arne Blankerts, Sebastian Heuer and Contributors
Fetching repository list
Downloading https://github.com/qossmic/deptrac/releases/download/0.15.1/deptrac.phar
Downloading https://github.com/qossmic/deptrac/releases/download/0.15.1/deptrac.phar.asc
Downloading key A98E898BB53EB748
Trying to connect to keys.openpgp.org (37.218.245.50)
Downloading https://keys.openpgp.org/pks/lookup?op=get&options=mr&search=0xA98E898BB53EB748
Successfully downloaded key.

        Fingerprint: EAE1 02AC FB79 3F59 A0C0 1D74 A98E 898B B53E B748

        Denis Brumann <denis.brumann@qossmic.com>

        Created: 2021-01-29

Import this key? [y|N] y
[ERROR]    Signature could not be verified
[ERROR]    General error
@MGatner
Copy link

MGatner commented Aug 26, 2021

Not sure if this is related, but when I use phive update qossmic/deptrac it only takes me up to version 0.14.1. If I completely remove deptrac and purge the global too then running phive install qossmic/deptrac gives the error above.

New key is A98E898BB53EB748, previously was B8F640134AB1782E.

@MGatner MGatner mentioned this issue Aug 26, 2021
Merged
@dbrumann
Copy link
Collaborator

🙈 It's #598 all over again. I have just uploaded the key to https://keys.openpgp.org and keyserver.ubuntu.com, so it should work now.

The key changed because I was using my work account, instead of my private account. I'm absolutely certain that I used the "upload to keyserver" feature in gpg keychain before releasing, which should submit the key to keys.openpgp.org, but it looks like it didn't work.

@jakzal
Copy link
Author

jakzal commented Aug 26, 2021
edited

The key is available on the server now but unfortunately, the problem persists: Signature could not be verified.

@dbrumann
Copy link
Collaborator

I have just re-release 0.15.1 as 0.15.2 with the old signature. Can you check if it works now?

@MGatner
Copy link

MGatner commented Aug 26, 2021

@dbrumann just kicked off codeigniter4/CodeIgniter4#5021 again, we'll see shortly.

@MGatner
Copy link

MGatner commented Aug 26, 2021

Passed! Thanks for the quick turnaround, all looks good on our end.

@dbrumann
Copy link
Collaborator

Sorry for the troubles. Glad it's working now.

@jakzal
Copy link
Author

jakzal commented Aug 27, 2021

Works, thanks! 🍺

@MGatner MGatner mentioned this issue Aug 27, 2021
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jakzal @dbrumann @MGatner