krallin/tini

Bad signature for binary

rabidaudio opened this issue · 2 comments

rabidaudio commented

Based on the signed binaries directions in the README, I put together this Dockerfile:

FROM ubuntu
RUN apt-get update && apt-get install -yy gpg
ENV TINI_VERSION v0.19.0
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-static /tini
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /tini.asc
RUN gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
 && gpg --batch --verify /tini.asc /tini
RUN chmod +x /tini
ENTRYPOINT ["/tini", "-v", "--"]
CMD ["echo", "hello, world"]

However, gpg returns "BAD signature" when building this image:

 => ERROR [5/5] RUN gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7  && gpg --batch --verify /tini.asc /tini              2.4s 
------                                                                                                                                                                                           
 > [5/5] RUN gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7  && gpg --batch --verify /tini.asc /tini:                         
#10 1.779 gpg: directory '/root/.gnupg' created                                                                                                                                                  
#10 1.779 gpg: keybox '/root/.gnupg/pubring.kbx' created                                                                                                                                         
#10 2.189 gpg: /root/.gnupg/trustdb.gpg: trustdb created                                                                                                                                         
#10 2.194 gpg: key 9A84159D7001A4E5: public key "Thomas Orozco <thomas@orozco.fr>" imported                                                                                                      
#10 2.229 gpg: Total number processed: 1
#10 2.229 gpg:               imported: 1
#10 2.282 gpg: Signature made Sun Apr 19 17:39:35 2020 UTC
#10 2.282 gpg:                using RSA key 0B588DFF0527A9B7
#10 2.293 gpg: BAD signature from "Thomas Orozco <thomas@orozco.fr>" [unknown]
------
executor failed running [/bin/sh -c gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7  && gpg --batch --verify /tini.asc /tini]: runc did not terminate successfully

Did the signing key change? Or perhaps the command in the README is wrong?

yosifkit commented

You need to grab the correct signature file:

-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /tini.asc
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-static.asc /tini.asc
  • 👍1
krallin commented

Thanks @yosifkit !

  • 👍1