debsign fails due to GPG error - linux

I am trying to build a Debian package from source; it signs the package once the source builds.
I am able to build the package on my desktop, but the same package build fails in my VNC session, which is on the same desktop.
Success on desktop:
----------
Now signing changes and any dsc files...
signfile <file1>.changes info#abc.com
gpg: key 9F54A1B3: secret key without public key - skipped
Successfully signed changes file
---------------------------
Error on VNC:
----------
Now signing changes and any dsc files...
signfile <file1>.changes info#abc.com
gpg: key 9F54A1B3: secret key without public key - skipped
gpg: problem with the agent - disabling agent use
debsign: gpg --no-tty --passphrase tigris error occurred! Aborting....
debuild: fatal error at line 1283:
running debsign failed
Do I need to add anything to the keyring, maybe? Here is the gpg key list:
root#vdeore:/home/vdeore/ws/VCA# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024R/A3888BE1 2015-01-15
uid vdeore <info#abc.com>
sub 1024R/9965A356 2015-01-15
pub 1024R/EAE69D3A 2015-01-15
uid abc <info#abc.com>
sub 1024R/79C683AB 2015-01-15
I tried generating a key on VNC, but it did not make any difference.
Any suggestions? I appreciate the help, thanks in advance.

Related

Terraform GPG key mismatch

I'm trying to install Terraform on Ubuntu with:
https://developer.hashicorp.com/terraform/tutorials/docker-get-started/install-cli
When trying to verify HashiCorp's GPG signing key I see this command
gpg --no-default-keyring \
--keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
--fingerprint
should have the expected output of
/usr/share/keyrings/hashicorp-archive-keyring.gpg
-------------------------------------------------
pub rsa4096 2020-05-07 [SC]
E8A0 32E0 94D8 EB4E A189 D270 DA41 8C88 A321 9F7B
uid [ unknown] HashiCorp Security (HashiCorp Package Signing) <security+packaging#hashicorp.com>
sub rsa4096 2020-05-07 [E]
as of the posting of this question. This also matches HashiCorp's Security page under the heading Linux Package Checksum Verification.
However, I see a new key created 2023-01-10 instead:
/usr/share/keyrings/hashicorp-archive-keyring.gpg
-------------------------------------------------
pub rsa4096 2023-01-10 [SC] [expires: 2028-01-09]
798A EC65 4E5C 1542 8C8E 42EE AA16 FCBC A621 E701
uid [ unknown] HashiCorp Security (HashiCorp Package Signing) <security+packaging#hashicorp.com>
sub rsa4096 2023-01-10 [S] [expires: 2028-01-09]
Am I correct in not trusting this key, as until HashiCorp fixes their documentation, this could be a compromised key?
HashiCorp has rotated its main signing keys this week.
The updated key, along with a note confirming the change of key, is now in the Official Packaging Guide document.
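As an added example (not part of the original answer or of HashiCorp's documentation), here is one way to turn the fingerprint comparison from this question into a scripted check that fails closed. The helper names and the sample listing are constructed here; the pinned fingerprints are the two quoted in the question and must be confirmed against the vendor's published guide before use.

```shell
#!/bin/sh
# Added example: accept a keyring only if every primary key in it is pinned.

# Fingerprints quoted in the question above, spaces removed. Pinning them is
# an assumption of this sketch: confirm each value with the vendor first.
PINNED_FPRS="E8A032E094D8EB4EA189D270DA418C88A3219F7B
798AEC654E5C15428C8E42EEAA16FCBCA621E701"

# Constructed sample in gpg's --with-colons format. Only the primary
# fingerprint comes from the page; dates, key IDs and the subkey are made up.
SAMPLE_LISTING='pub:-:4096:1:AA16FCBCA621E701:1673308800:1831075200::-:::scESC:
fpr:::::::::798AEC654E5C15428C8E42EEAA16FCBCA621E701:
uid:-::::1673308800::0000::HashiCorp Security (HashiCorp Package Signing):
sub:-:4096:1:0000000000000000:1673308800:1831075200:::::s:
fpr:::::::::0000000000000000000000000000000000000000:'

# primary_fprs (hypothetical helper): print field 10 of the fpr record that
# follows each pub record; fpr records that follow a sub record are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# check_keyring_listing LISTING PINNED (hypothetical helper)
# Returns 0 if all primary keys are pinned, 1 on the first unpinned key,
# 2 if the listing contains no primary key at all.
check_keyring_listing() {
    found=$(printf '%s\n' "$1" | primary_fprs)
    [ -n "$found" ] || { echo "no primary key in listing" >&2; return 2; }
    for fpr in $found; do
        if printf '%s\n' "$2" | grep -qxF "$fpr"; then
            echo "pinned:   $fpr"
        else
            echo "UNPINNED: $fpr" >&2
            return 1
        fi
    done
}

# Real use (keyring path as in the question):
#   check_keyring_listing "$(gpg --no-default-keyring \
#       --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
#       --with-colons --fingerprint)" "$PINNED_FPRS"
check_keyring_listing "$SAMPLE_LISTING" "$PINNED_FPRS"
```

With only the older fingerprint pinned, the same listing is rejected with exit status 1, which is the situation the question describes before the documentation was updated.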

Error when removing public pgp key without uid from keychain

I'm working with Linux GnuPG. It looks like at some point I received a public key without a UID. I've since received a new key, with a UID, but the original key cannot be deleted from the chain. Furthermore, when trying to restore keys from a backup, it fails at this key.
$ gpg --delete-keys D7FA4AC2
gpg (GnuPG) 2.0.22; Copyright ...
Fatal error: Invalid argument
Aborted
$ gpg --list-keys --keyid-format long D7FAC2
pub 2048/83191D...
uid
sub 2048R/E1387...
$ gpg --delete-key 83191D...
gpg (GnuPG) 2.0.22; Copyright ...
Fatal error: Invalid argument
Aborted

Problem with install4j smart card EV code signing

We need to add EV signing to our install4j Maven build, which runs on Fedora.
So far in our .install4j file we have
<codeSigning windowsEnabled="true"
verbose="true"
windowsKeySource="pkcs11"
windowsPkcs11Library="/usr/lib/pkcs11/libIDPrimePKCS11.so"
winKeystorePassword="XXXXXXXXXXXXXX">
<windowsPkcs11Identifier issuer="GlobalSign GCC R45 EV CodeSigning CA 2020"
serial="YYYYYYYYYYYYYYYYY"
subject="ZZZZZZZZZZ" />
</codeSigning>
but we're getting
[INFO] install4j: compilation failed. Reason: The certificate file /usr/lib/pkcs11/libIDPrimePKCS11.so does not exist.
The file does exist, and keytool can see it.

Install TinyTex on a Ubuntu based Docker image: cannot verify yihui.org's certificate

I'm trying to build a Docker image, based on ubuntu:20.04, with R and bookdown with PDF support. But I'm getting ERROR: cannot verify yihui.org's certificate [...] with tinytex::install_tinytex():
> tinytex::install_tinytex()
trying URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz'
trying URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz'
--2020-11-23 09:19:05-- https://yihui.org/tinytex/TinyTeX-1.tar.gz
Resolving yihui.org (yihui.org)... 167.99.129.42, 134.209.226.211
Connecting to yihui.org (yihui.org)|167.99.129.42|:443... connected.
ERROR: cannot verify yihui.org's certificate, issued by 'CN=SSL-SG1-GROBU,OU=Operations,O=Cloud Services,C=US':
Unable to locally verify the issuer's authority.
To connect to yihui.org insecurely, use `--no-check-certificate'.
Error in download.file(url, output, ..., method = method) :
'wget' call had nonzero exit status
Calls: <Anonymous> ... download_file -> <Anonymous> -> download -> download.file
In addition: Warning messages:
1: In download.file(url, output, ..., method = method) :
URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz': status was 'SSL peer certificate or SSH remote key was not OK'
2: In download.file(url, output, ..., method = method) :
URL 'https://yihui.org/tinytex/TinyTeX-1.tar.gz': status was 'SSL peer certificate or SSH remote key was not OK'
You may have to restart your system after installing TinyTeX to make sure ~/bin appears in your PATH variable (https://github.com/yihui/tinytex/issues/16).
Execution halted
I need to find a way to verify and trust the certificate chain from yihui.org, as I'm not allowed to bypass the verification with --no-check-certificate.
Thanks in advance for any hint!
Mihai
The default docker image has no certificates installed, therefore there are also no root certificates. That is what is indicated by the error message Unable to locally verify the issuer's authority. You can obtain the root certificates from the package ca-certificates (install it via apt-get).

Error while Initializating Fabric-CA server

I am trying to initialize fabric-ca following its user guide using this config file but when executing the following command:
fabric-ca-server init --cafiles fabric-ca-server-config.yaml
I am getting the following error:
2018/11/12 22:59:45 [DEBUG] Intializing nonce manager for issuer 'undercroft'
2018/11/12 22:59:45 [DEBUG] Closing server DBs
2018/11/12 22:59:45 [FATAL] Initialization failure: CA name 'undercroft' is used in '/home/paradox/hyperledger/fabric/undercroft/fabric-ca/server/fabric-ca-server-config.yaml' and '/home/paradox/hyperledger/fabric/undercroft/fabric-ca/server/fabric-ca-server-config.yaml'
While I am getting this error if I am using the command line flags of fabric-ca-server I am successfully able to initialize and launch the
This is the full error log
As of now, the --cafiles flag is only used when there are multiple CAs; in the case of a single CA, it will only use the config file at the $FABRIC_CA_SERVER_HOME directory.
Have you tried changing the CN of the fabric-ca-server, or changing the name of the CA?
