Terraform 自定义提供程序 GPG 问题
Terraform custom provider GPG issue
希望你一切顺利。
我正在写一个在 Go 中使用的 API,其工作方式类似于 terraform provider protocol
所以我已经有两个端点通过 HTTPS 在我的本地计算机上工作:
https://myapi:9000/v1/provider/:namespace/:type/versions
https://myapi:9000/v1/provider/:namespace/:type/:version/download/:os/:arch
让我们举例说明这些完整端点:
https://myapi:9000/v1/provider/myprovider/custom/versions
https://myapi:9000/v1/provider/myprovider/custom/0.1.0/download/linux/amd64
所以我有下一个 .tf.json 文件:
{
"module": {
"linux": {
"source": "myapi:9000/v1/module/mymodule/custom",
"version": "0.1.2"
}
}
}
即使用这两个文件
- 提供商。tf.json
provider "mycustomprovider" {
username = "abc"
password = "def"
host = "yjk"
}
- 版本。tf.json
terraform {
required_providers {
mycustomprovider = {
source: "myapi:9000/v1/myprovider/custom",
version: "0.1.0"
}
}
required_version = ">=1.0.2"
}
然后我直接运行:terraform init
得到我的资产
所以,当我得到我的自定义模块时,它工作正常。
输出(模块下载):
Initializing modules...
Downloading myapi:9000/mymodule/custom/gnu 0.1.2 for linux...
- linux in .terraform/modules/linux
Initializing the backend...
但是当我得到我的 provdier 时我有这个错误:
Initializing provider plugins...
- Finding myapi:9000:9000/myprovider/custom versions matching "0.1.0"...
- Installing myapi:9000:9000/myprovider/custom v0.1.0...
╷
│ Error: Failed to install provider
│
│ Error while installing myapi:9000/myprovider/custom v0.1.0: error checking signature:
│ openpgp: invalid data: tag byte does not have MSB set
所以,我的提供商 versions
端点正在运行。这就是为什么 terraform 能够识别我的提供商的版本。
问题应该出在我的 download
端点上。
在谈论这个端点之前,我想添加一些上下文,我正在 运行 使用 localstack and exposing it through ngrok 创建一个 S3 客户端。这两件事有效,我可以毫无问题地上传或下载文件。
Terraform 自定义提供程序应具有三个文件(据我了解):
- zip 格式的提供程序(如他们的示例)
- 一个
provider_SHA256SUMS
文件,其中包含每个提供商 zip 文件的 shasums(在这种情况下,我只有一个)
- a
provider_SHA256SUMS.sig
用于识别 provider_SHA256SUMS
文件的完整性。
因此,为了获取这些文件,我运行正在执行这些命令:
provider_SHA256SUMS
$ sha256sum 0.1.0.zip > 0.1.0_SHA256SUMS
provider_SHA256SUMS
$ gpg --gen-key # generating a new key
$ gpg --armor --output 0.1.0_SHA256SUMS.sig --detach-sig 0.1.0_SHA256SUMS
我端点的响应是这样的。 (gpg 信息只是示例数据,此处没有真正的警告。)
{
"protocols": [
"5.0"
],
"os": "linux",
"arch": "amd64",
"filename": "0.1.0.zip",
"download_url": "https://d4f6-186-84-89-138.ngrok.io/terraform/v1/providers/myprovider/custom/0.1.0.zip",
"shasums_url": "https://d4f6-186-84-89-138.ngrok.io/terraform/v1/providers/myprovider/custom/0.1.0_SHA256SUMS",
"shasums_signature_url": "https://d4f6-186-84-89-138.ngrok.io/terraform/v1/providers/myprovider/custom/0.1.0_SHA256SUMS.sig",
"shasum": "1dd61b508aad0d65b32c71159775e409fd618adc5ba945cc2eebb42f29e085d3",
"signing_keys": {
"gpg_public_keys": [
{
"key_id": "9F21EA3C1C9F793C",
"ascii_armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQGNBGEuvh8BDADyT3JLsSqnSLk0I2MrFPJgCvCYpPFsFJgfDx2EwL7TGGDeslaN\ndoOq05X+9vKyM6qQ1jQmpfS5dzsQIsHtUlsU0nphS21ZvYm10aZUt3dXxlMwu2Is\nSO+q8O4WSMXclIsBUyhzP6TMQ7nISXHundVx7b/S/bEYucOIMeYmqg1PKId55U4G\n7y/8W6mmzX6NvF97fRyN37fBqvx8q2SxT5iB3C2Sbfd7i/sMvjC0tQOBv1EKh3RN\ncElP5NlJbv58Ysz+UTU21EPkkvPH4pLuUcB9/0uwzi5y/268EWTy3+UlWnoh12ds\nESZFgijzUsdvOmCOZkdd5X1Radzr+6VKVXHHIprKgO5AlvjFoLQK0NzzMiXjhyUF\nk9plo7kET4dy9ztySJYutx5eNMJInF5mYKNdH3H36ThXAIPptAu8WJjCtYok78C5\nilpv7cTiM9F5g7SlxnKU+xFmbzhSnYxth9DEhrO9ufliT1Df76iuqpc8B79sUtUH\nWvf7QIgkL6HtL5MAEQEAAbQYbXlhcGkgPG15YXBpQGN1c3RvbS5jb20+iQHUBBMB\nCgA+FiEEbk3GwdLc9Ypn5Wg9nyHqPByfeTwFAmEuvh8CGwMFCQPCZwAFCwkIBwIG\nFQoJCAsCBBYCAwECHgECF4AACgkQnyHqPByfeTzfQgwAyqcGJFbU2zN45F/2ECBs\nE6vYbfk9qRXpvU6PWodE0t5sqcxY2Oz0r29OGaW5mDyZRE+zRGir4yQki3RqI6vY\nh66uTWMybUV6qipv3qXHIqbSn3H/ss4Tuf9C2//Pz/LpMKiMiJilpXyCy8F8l504\nEsm+PU3CtNioNZCkoeH6kJWkjXDGQWQK58R4SFRfHcJMa03+gyPgv5Ba593/zGqh\nl2GmmwbAJHcnSH1EBAulcd48nQCMOYuvIqa40CDOhcz+rIlqivvP6KVX+qmRVmaV\nY1u391a40wfaRomuk46JCKFQVeElAZ4tac8UaOv2x0GOBzIw7/1CwulN2VvojiEJ\nVj0Q6sZ/K7+dU4H7NLQ1aIN+Vv3t7VIISu3wzraCT5c1aduH4YLio83W9rS4EcRj\nHmej5JG4B16HOMMrM1caq+cVPyymCzblEShplCdmQ7qcYOqvRYW8ewVPNqWJSTiR\nC/Kpq1N8OOKdG0Th8ja4jfRkfexloCdUOlSOKktK8uU+uQGNBGEuvh8BDADOMUX3\nxatbgt4sArBKNlnZWrZZCRFHxzeGaZsY9EsNY6D722iGoU40iYs6ky08bOQT/g8O\nFSooA6DKNhxVCM/r99rsiYrNIzT9s/ywKmUb6JipgAiGpd5W9lBAB/u6pQ039ni2\nQI+5cYZ+8i6v2b6oOGdnym8p2K14O+keAh7Z6aOnpb8YIq3B7khtcO+oHvp820sB\nOa0hlMs39qQHkG70ybAe0HdcZAhXVVSmrN6EdDZ8SZmRSAVbiv84a9t5b8swNhxZ\nT3csxqdAWbz3GOCIUmmaJUYOdGYLwAc2BnsRyxzNq66H962uK9hygrDrjJSpNnxU\n/VdXcRxYZcLqUHGPMds/gqwr/30JmXlkPqbG/3v4D+wy5OFsr+uquK4helqhJdQ9\nfOWrMyUxShZhZ476YURn1VbaF4a5x5zi2OBSxYK9VjSfAedisMtvsRIxOMgU0eXT\nNkRaTBoQTX2ZiVjy0fwVeHgNIuPsszQRokRZ2zFttC+tU5x/ffayBU3qZhUAEQEA\nAYkBvAQYAQoAJhYhBG5NxsHS3PWKZ+VoPZ8h6jwcn3k8BQJhLr4fAhsMBQkDwmcA\nAAoJEJ8h6jwcn3k8QU4MAJetwC4o/F9m0tJKO6DYqX5bsnGlp1u3oyG0ATvSvT9E\nBTxbQlpcIOrJ16Be/92SmfVaGbbqWywqjkNgK7s08Zbbk7WONZyAg8NR5/b5Cgi9\ncJrR73dbDnijvhjDkAAn414+M57DG65tPt1vlXDqa8LSQobDdszn1i/ugvqxqj1y\n6NmFvVPxor67n9r67Iq4PzWF3WK7tosPUaTbFczbS2xS4sINPCEddb2Ima5cixL0\nh2pni/jonYo4RCWmUvpMx48CevgXFCzWOGdaOSI75MklcaH4IBe2EFaCbN3IUMlA\nHI2TOuR0KXsX0R3jzmDzVJkXaXWMqPjcFlxvXuMTE4ooI6DiBN7+2xAqfYOURmy1\nwjfWwCVR3OaPY2cGvxWPnIz2mtKjhRIaYwfzDVdR5vlSU/YwkJUv11P6Y8YPX7jw\nRYVFtTkd7qghjvWMBMpABTxYWxvd74EgUUnYOfoei97nKOnb3loj+XdoZeGCmyL7\nCZWzoNTMkeFkob1UkxIe+Q==\n=wZDI\n-----END PGP PUBLIC KEY BLOCK-----"
}
]
}
}
响应中的shasum
属性应该是对应provider zip文件的shasum,也可以在provider_SHA256SUMS
文件中找到。
为了获得 key_id
和 ascii_armor
道具,我正在 运行 执行以下命令:
$ gpg --list-secret-keys --keyid-format=long ## key_id
$ gpg --armor --export <MY_KEYID> > public.gpg ## export to public key to base64
$ cat public.gpg | sed -E ':a;N;$!ba;s/\r{0,1}\n/\n/g' ## one-lined ascii_armor
小问题
我在使用 gpg 密钥时做错了什么导致出现此错误?是我步骤不够,还是做错了?
openpgp: invalid data: tag byte does not have MSB set
----更新----
这就是我在 Go 中构建响应的方式:
我没有给出完整的代码,因为我认为问题出在 KeyID
和 ASCIIArmor
属性上。
如您所见:Shasum
、KeyID
和 ASCIIArmor
是硬编码的。
response := ProviderDownloadResponse{
Protocols: protocols,
Os: os,
Arch: arch,
Filename: filename,
DownloadURL: downloadURL,
ShasumsURL: SHASUMsURL,
ShasumsSignatureURL: SHASUMSSignatureURL,
Shasum: "1dd61b508aad0d65b32c71159775e409fd618adc5ba945cc2eebb42f29e085d3",
SigningKeys: SigningKeys{
GpgPublicKeys: []GPGPublicKey{
{
KeyID: "9F21EA3C1C9F793C",
ASCIIArmor: "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQGNBGEuvh8BDADyT3JLsSqnSLk0I2MrFPJgCvCYpPFsFJgfDx2EwL7TGGDeslaN\ndoOq05X+9vKyM6qQ1jQmpfS5dzsQIsHtUlsU0nphS21ZvYm10aZUt3dXxlMwu2Is\nSO+q8O4WSMXclIsBUyhzP6TMQ7nISXHundVx7b/S/bEYucOIMeYmqg1PKId55U4G\n7y/8W6mmzX6NvF97fRyN37fBqvx8q2SxT5iB3C2Sbfd7i/sMvjC0tQOBv1EKh3RN\ncElP5NlJbv58Ysz+UTU21EPkkvPH4pLuUcB9/0uwzi5y/268EWTy3+UlWnoh12ds\nESZFgijzUsdvOmCOZkdd5X1Radzr+6VKVXHHIprKgO5AlvjFoLQK0NzzMiXjhyUF\nk9plo7kET4dy9ztySJYutx5eNMJInF5mYKNdH3H36ThXAIPptAu8WJjCtYok78C5\nilpv7cTiM9F5g7SlxnKU+xFmbzhSnYxth9DEhrO9ufliT1Df76iuqpc8B79sUtUH\nWvf7QIgkL6HtL5MAEQEAAbQYbXlhcGkgPG15YXBpQGN1c3RvbS5jb20+iQHUBBMB\nCgA+FiEEbk3GwdLc9Ypn5Wg9nyHqPByfeTwFAmEuvh8CGwMFCQPCZwAFCwkIBwIG\nFQoJCAsCBBYCAwECHgECF4AACgkQnyHqPByfeTzfQgwAyqcGJFbU2zN45F/2ECBs\nE6vYbfk9qRXpvU6PWodE0t5sqcxY2Oz0r29OGaW5mDyZRE+zRGir4yQki3RqI6vY\nh66uTWMybUV6qipv3qXHIqbSn3H/ss4Tuf9C2//Pz/LpMKiMiJilpXyCy8F8l504\nEsm+PU3CtNioNZCkoeH6kJWkjXDGQWQK58R4SFRfHcJMa03+gyPgv5Ba593/zGqh\nl2GmmwbAJHcnSH1EBAulcd48nQCMOYuvIqa40CDOhcz+rIlqivvP6KVX+qmRVmaV\nY1u391a40wfaRomuk46JCKFQVeElAZ4tac8UaOv2x0GOBzIw7/1CwulN2VvojiEJ\nVj0Q6sZ/K7+dU4H7NLQ1aIN+Vv3t7VIISu3wzraCT5c1aduH4YLio83W9rS4EcRj\nHmej5JG4B16HOMMrM1caq+cVPyymCzblEShplCdmQ7qcYOqvRYW8ewVPNqWJSTiR\nC/Kpq1N8OOKdG0Th8ja4jfRkfexloCdUOlSOKktK8uU+uQGNBGEuvh8BDADOMUX3\nxatbgt4sArBKNlnZWrZZCRFHxzeGaZsY9EsNY6D722iGoU40iYs6ky08bOQT/g8O\nFSooA6DKNhxVCM/r99rsiYrNIzT9s/ywKmUb6JipgAiGpd5W9lBAB/u6pQ039ni2\nQI+5cYZ+8i6v2b6oOGdnym8p2K14O+keAh7Z6aOnpb8YIq3B7khtcO+oHvp820sB\nOa0hlMs39qQHkG70ybAe0HdcZAhXVVSmrN6EdDZ8SZmRSAVbiv84a9t5b8swNhxZ\nT3csxqdAWbz3GOCIUmmaJUYOdGYLwAc2BnsRyxzNq66H962uK9hygrDrjJSpNnxU\n/VdXcRxYZcLqUHGPMds/gqwr/30JmXlkPqbG/3v4D+wy5OFsr+uquK4helqhJdQ9\nfOWrMyUxShZhZ476YURn1VbaF4a5x5zi2OBSxYK9VjSfAedisMtvsRIxOMgU0eXT\nNkRaTBoQTX2ZiVjy0fwVeHgNIuPsszQRokRZ2zFttC+tU5x/ffayBU3qZhUAEQEA\nAYkBvAQYAQoAJhYhBG5NxsHS3PWKZ+VoPZ8h6jwcn3k8BQJhLr4fAhsMBQkDwmcA\nAAoJEJ8h6jwcn3k8QU4MAJetwC4o/F9m0tJKO6DYqX5bsnGlp1u3oyG0ATvSvT9E\nBTxbQlpcIOrJ16Be/92SmfVaGbbqWywqjkNgK7s08Zbbk7WONZyAg8NR5/b5Cgi9\ncJrR73dbDnijvhjDkAAn414+M57DG65tPt1vlXDqa8LSQobDdszn1i/ugvqxqj1y\n6NmFvVPxor67n9r67Iq4PzWF3WK7tosPUaTbFczbS2xS4sINPCEddb2Ima5cixL0\nh2pni/jonYo4RCWmUvpMx48CevgXFCzWOGdaOSI75MklcaH4IBe2EFaCbN3IUMlA\nHI2TOuR0KXsX0R3jzmDzVJkXaXWMqPjcFlxvXuMTE4ooI6DiBN7+2xAqfYOURmy1\nwjfWwCVR3OaPY2cGvxWPnIz2mtKjhRIaYwfzDVdR5vlSU/YwkJUv11P6Y8YPX7jw\nRYVFtTkd7qghjvWMBMpABTxYWxvd74EgUUnYOfoei97nKOnb3loj+XdoZeGCmyL7\nCZWzoNTMkeFkob1UkxIe+Q==\n=wZDI\n-----END PGP PUBLIC KEY BLOCK-----",
},
},
},
}
terraform 使用的 x/crypto/openpgp
不支持读取装甲消息,参见 issue,这是错误的来源。
shasums_signature_url
归档文档提到:
binary, detached GPG signature
另请参阅 Manually preparing a release doc
which is a valid GPG binary (not ASCII armored) signature
所以你应该尝试在没有 --armor
标志的情况下签名。
希望你一切顺利。
我正在写一个在 Go 中使用的 API,其工作方式类似于 terraform provider protocol
所以我已经有两个端点通过 HTTPS 在我的本地计算机上工作:
https://myapi:9000/v1/provider/:namespace/:type/versions
https://myapi:9000/v1/provider/:namespace/:type/:version/download/:os/:arch
让我们举例说明这些完整端点:
https://myapi:9000/v1/provider/myprovider/custom/versions
https://myapi:9000/v1/provider/myprovider/custom/0.1.0/download/linux/amd64
所以我有下一个 .tf.json 文件:
{
"module": {
"linux": {
"source": "myapi:9000/v1/module/mymodule/custom",
"version": "0.1.2"
}
}
}
即使用这两个文件
- 提供商。tf.json
provider "mycustomprovider" {
username = "abc"
password = "def"
host = "yjk"
}
- 版本。tf.json
terraform {
required_providers {
mycustomprovider = {
source: "myapi:9000/v1/myprovider/custom",
version: "0.1.0"
}
}
required_version = ">=1.0.2"
}
然后我直接运行:terraform init
得到我的资产
所以,当我得到我的自定义模块时,它工作正常。 输出(模块下载):
Initializing modules...
Downloading myapi:9000/mymodule/custom/gnu 0.1.2 for linux...
- linux in .terraform/modules/linux
Initializing the backend...
但是当我得到我的 provdier 时我有这个错误:
Initializing provider plugins...
- Finding myapi:9000:9000/myprovider/custom versions matching "0.1.0"...
- Installing myapi:9000:9000/myprovider/custom v0.1.0...
╷
│ Error: Failed to install provider
│
│ Error while installing myapi:9000/myprovider/custom v0.1.0: error checking signature:
│ openpgp: invalid data: tag byte does not have MSB set
所以,我的提供商 versions
端点正在运行。这就是为什么 terraform 能够识别我的提供商的版本。
问题应该出在我的 download
端点上。
在谈论这个端点之前,我想添加一些上下文,我正在 运行 使用 localstack and exposing it through ngrok 创建一个 S3 客户端。这两件事有效,我可以毫无问题地上传或下载文件。
Terraform 自定义提供程序应具有三个文件(据我了解):
- zip 格式的提供程序(如他们的示例)
- 一个
provider_SHA256SUMS
文件,其中包含每个提供商 zip 文件的 shasums(在这种情况下,我只有一个) - a
provider_SHA256SUMS.sig
用于识别provider_SHA256SUMS
文件的完整性。
因此,为了获取这些文件,我运行正在执行这些命令:
provider_SHA256SUMS
$ sha256sum 0.1.0.zip > 0.1.0_SHA256SUMS
provider_SHA256SUMS
$ gpg --gen-key # generating a new key
$ gpg --armor --output 0.1.0_SHA256SUMS.sig --detach-sig 0.1.0_SHA256SUMS
我端点的响应是这样的。 (gpg 信息只是示例数据,此处没有真正的警告。)
{
"protocols": [
"5.0"
],
"os": "linux",
"arch": "amd64",
"filename": "0.1.0.zip",
"download_url": "https://d4f6-186-84-89-138.ngrok.io/terraform/v1/providers/myprovider/custom/0.1.0.zip",
"shasums_url": "https://d4f6-186-84-89-138.ngrok.io/terraform/v1/providers/myprovider/custom/0.1.0_SHA256SUMS",
"shasums_signature_url": "https://d4f6-186-84-89-138.ngrok.io/terraform/v1/providers/myprovider/custom/0.1.0_SHA256SUMS.sig",
"shasum": "1dd61b508aad0d65b32c71159775e409fd618adc5ba945cc2eebb42f29e085d3",
"signing_keys": {
"gpg_public_keys": [
{
"key_id": "9F21EA3C1C9F793C",
"ascii_armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQGNBGEuvh8BDADyT3JLsSqnSLk0I2MrFPJgCvCYpPFsFJgfDx2EwL7TGGDeslaN\ndoOq05X+9vKyM6qQ1jQmpfS5dzsQIsHtUlsU0nphS21ZvYm10aZUt3dXxlMwu2Is\nSO+q8O4WSMXclIsBUyhzP6TMQ7nISXHundVx7b/S/bEYucOIMeYmqg1PKId55U4G\n7y/8W6mmzX6NvF97fRyN37fBqvx8q2SxT5iB3C2Sbfd7i/sMvjC0tQOBv1EKh3RN\ncElP5NlJbv58Ysz+UTU21EPkkvPH4pLuUcB9/0uwzi5y/268EWTy3+UlWnoh12ds\nESZFgijzUsdvOmCOZkdd5X1Radzr+6VKVXHHIprKgO5AlvjFoLQK0NzzMiXjhyUF\nk9plo7kET4dy9ztySJYutx5eNMJInF5mYKNdH3H36ThXAIPptAu8WJjCtYok78C5\nilpv7cTiM9F5g7SlxnKU+xFmbzhSnYxth9DEhrO9ufliT1Df76iuqpc8B79sUtUH\nWvf7QIgkL6HtL5MAEQEAAbQYbXlhcGkgPG15YXBpQGN1c3RvbS5jb20+iQHUBBMB\nCgA+FiEEbk3GwdLc9Ypn5Wg9nyHqPByfeTwFAmEuvh8CGwMFCQPCZwAFCwkIBwIG\nFQoJCAsCBBYCAwECHgECF4AACgkQnyHqPByfeTzfQgwAyqcGJFbU2zN45F/2ECBs\nE6vYbfk9qRXpvU6PWodE0t5sqcxY2Oz0r29OGaW5mDyZRE+zRGir4yQki3RqI6vY\nh66uTWMybUV6qipv3qXHIqbSn3H/ss4Tuf9C2//Pz/LpMKiMiJilpXyCy8F8l504\nEsm+PU3CtNioNZCkoeH6kJWkjXDGQWQK58R4SFRfHcJMa03+gyPgv5Ba593/zGqh\nl2GmmwbAJHcnSH1EBAulcd48nQCMOYuvIqa40CDOhcz+rIlqivvP6KVX+qmRVmaV\nY1u391a40wfaRomuk46JCKFQVeElAZ4tac8UaOv2x0GOBzIw7/1CwulN2VvojiEJ\nVj0Q6sZ/K7+dU4H7NLQ1aIN+Vv3t7VIISu3wzraCT5c1aduH4YLio83W9rS4EcRj\nHmej5JG4B16HOMMrM1caq+cVPyymCzblEShplCdmQ7qcYOqvRYW8ewVPNqWJSTiR\nC/Kpq1N8OOKdG0Th8ja4jfRkfexloCdUOlSOKktK8uU+uQGNBGEuvh8BDADOMUX3\nxatbgt4sArBKNlnZWrZZCRFHxzeGaZsY9EsNY6D722iGoU40iYs6ky08bOQT/g8O\nFSooA6DKNhxVCM/r99rsiYrNIzT9s/ywKmUb6JipgAiGpd5W9lBAB/u6pQ039ni2\nQI+5cYZ+8i6v2b6oOGdnym8p2K14O+keAh7Z6aOnpb8YIq3B7khtcO+oHvp820sB\nOa0hlMs39qQHkG70ybAe0HdcZAhXVVSmrN6EdDZ8SZmRSAVbiv84a9t5b8swNhxZ\nT3csxqdAWbz3GOCIUmmaJUYOdGYLwAc2BnsRyxzNq66H962uK9hygrDrjJSpNnxU\n/VdXcRxYZcLqUHGPMds/gqwr/30JmXlkPqbG/3v4D+wy5OFsr+uquK4helqhJdQ9\nfOWrMyUxShZhZ476YURn1VbaF4a5x5zi2OBSxYK9VjSfAedisMtvsRIxOMgU0eXT\nNkRaTBoQTX2ZiVjy0fwVeHgNIuPsszQRokRZ2zFttC+tU5x/ffayBU3qZhUAEQEA\nAYkBvAQYAQoAJhYhBG5NxsHS3PWKZ+VoPZ8h6jwcn3k8BQJhLr4fAhsMBQkDwmcA\nAAoJEJ8h6jwcn3k8QU4MAJetwC4o/F9m0tJKO6DYqX5bsnGlp1u3oyG0ATvSvT9E\nBTxbQlpcIOrJ16Be/92SmfVaGbbqWywqjkNgK7s08Zbbk7WONZyAg8NR5/b5Cgi9\ncJrR73dbDnijvhjDkAAn414+M57DG65tPt1vlXDqa8LSQobDdszn1i/ugvqxqj1y\n6NmFvVPxor67n9r67Iq4PzWF3WK7tosPUaTbFczbS2xS4sINPCEddb2Ima5cixL0\nh2pni/jonYo4RCWmUvpMx48CevgXFCzWOGdaOSI75MklcaH4IBe2EFaCbN3IUMlA\nHI2TOuR0KXsX0R3jzmDzVJkXaXWMqPjcFlxvXuMTE4ooI6DiBN7+2xAqfYOURmy1\nwjfWwCVR3OaPY2cGvxWPnIz2mtKjhRIaYwfzDVdR5vlSU/YwkJUv11P6Y8YPX7jw\nRYVFtTkd7qghjvWMBMpABTxYWxvd74EgUUnYOfoei97nKOnb3loj+XdoZeGCmyL7\nCZWzoNTMkeFkob1UkxIe+Q==\n=wZDI\n-----END PGP PUBLIC KEY BLOCK-----"
}
]
}
}
响应中的shasum
属性应该是对应provider zip文件的shasum,也可以在provider_SHA256SUMS
文件中找到。
为了获得 key_id
和 ascii_armor
道具,我正在 运行 执行以下命令:
$ gpg --list-secret-keys --keyid-format=long ## key_id
$ gpg --armor --export <MY_KEYID> > public.gpg ## export to public key to base64
$ cat public.gpg | sed -E ':a;N;$!ba;s/\r{0,1}\n/\n/g' ## one-lined ascii_armor
小问题
我在使用 gpg 密钥时做错了什么导致出现此错误?是我步骤不够,还是做错了?
openpgp: invalid data: tag byte does not have MSB set
----更新----
这就是我在 Go 中构建响应的方式:
我没有给出完整的代码,因为我认为问题出在 KeyID
和 ASCIIArmor
属性上。
如您所见:Shasum
、KeyID
和 ASCIIArmor
是硬编码的。
response := ProviderDownloadResponse{
Protocols: protocols,
Os: os,
Arch: arch,
Filename: filename,
DownloadURL: downloadURL,
ShasumsURL: SHASUMsURL,
ShasumsSignatureURL: SHASUMSSignatureURL,
Shasum: "1dd61b508aad0d65b32c71159775e409fd618adc5ba945cc2eebb42f29e085d3",
SigningKeys: SigningKeys{
GpgPublicKeys: []GPGPublicKey{
{
KeyID: "9F21EA3C1C9F793C",
ASCIIArmor: "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQGNBGEuvh8BDADyT3JLsSqnSLk0I2MrFPJgCvCYpPFsFJgfDx2EwL7TGGDeslaN\ndoOq05X+9vKyM6qQ1jQmpfS5dzsQIsHtUlsU0nphS21ZvYm10aZUt3dXxlMwu2Is\nSO+q8O4WSMXclIsBUyhzP6TMQ7nISXHundVx7b/S/bEYucOIMeYmqg1PKId55U4G\n7y/8W6mmzX6NvF97fRyN37fBqvx8q2SxT5iB3C2Sbfd7i/sMvjC0tQOBv1EKh3RN\ncElP5NlJbv58Ysz+UTU21EPkkvPH4pLuUcB9/0uwzi5y/268EWTy3+UlWnoh12ds\nESZFgijzUsdvOmCOZkdd5X1Radzr+6VKVXHHIprKgO5AlvjFoLQK0NzzMiXjhyUF\nk9plo7kET4dy9ztySJYutx5eNMJInF5mYKNdH3H36ThXAIPptAu8WJjCtYok78C5\nilpv7cTiM9F5g7SlxnKU+xFmbzhSnYxth9DEhrO9ufliT1Df76iuqpc8B79sUtUH\nWvf7QIgkL6HtL5MAEQEAAbQYbXlhcGkgPG15YXBpQGN1c3RvbS5jb20+iQHUBBMB\nCgA+FiEEbk3GwdLc9Ypn5Wg9nyHqPByfeTwFAmEuvh8CGwMFCQPCZwAFCwkIBwIG\nFQoJCAsCBBYCAwECHgECF4AACgkQnyHqPByfeTzfQgwAyqcGJFbU2zN45F/2ECBs\nE6vYbfk9qRXpvU6PWodE0t5sqcxY2Oz0r29OGaW5mDyZRE+zRGir4yQki3RqI6vY\nh66uTWMybUV6qipv3qXHIqbSn3H/ss4Tuf9C2//Pz/LpMKiMiJilpXyCy8F8l504\nEsm+PU3CtNioNZCkoeH6kJWkjXDGQWQK58R4SFRfHcJMa03+gyPgv5Ba593/zGqh\nl2GmmwbAJHcnSH1EBAulcd48nQCMOYuvIqa40CDOhcz+rIlqivvP6KVX+qmRVmaV\nY1u391a40wfaRomuk46JCKFQVeElAZ4tac8UaOv2x0GOBzIw7/1CwulN2VvojiEJ\nVj0Q6sZ/K7+dU4H7NLQ1aIN+Vv3t7VIISu3wzraCT5c1aduH4YLio83W9rS4EcRj\nHmej5JG4B16HOMMrM1caq+cVPyymCzblEShplCdmQ7qcYOqvRYW8ewVPNqWJSTiR\nC/Kpq1N8OOKdG0Th8ja4jfRkfexloCdUOlSOKktK8uU+uQGNBGEuvh8BDADOMUX3\nxatbgt4sArBKNlnZWrZZCRFHxzeGaZsY9EsNY6D722iGoU40iYs6ky08bOQT/g8O\nFSooA6DKNhxVCM/r99rsiYrNIzT9s/ywKmUb6JipgAiGpd5W9lBAB/u6pQ039ni2\nQI+5cYZ+8i6v2b6oOGdnym8p2K14O+keAh7Z6aOnpb8YIq3B7khtcO+oHvp820sB\nOa0hlMs39qQHkG70ybAe0HdcZAhXVVSmrN6EdDZ8SZmRSAVbiv84a9t5b8swNhxZ\nT3csxqdAWbz3GOCIUmmaJUYOdGYLwAc2BnsRyxzNq66H962uK9hygrDrjJSpNnxU\n/VdXcRxYZcLqUHGPMds/gqwr/30JmXlkPqbG/3v4D+wy5OFsr+uquK4helqhJdQ9\nfOWrMyUxShZhZ476YURn1VbaF4a5x5zi2OBSxYK9VjSfAedisMtvsRIxOMgU0eXT\nNkRaTBoQTX2ZiVjy0fwVeHgNIuPsszQRokRZ2zFttC+tU5x/ffayBU3qZhUAEQEA\nAYkBvAQYAQoAJhYhBG5NxsHS3PWKZ+VoPZ8h6jwcn3k8BQJhLr4fAhsMBQkDwmcA\nAAoJEJ8h6jwcn3k8QU4MAJetwC4o/F9m0tJKO6DYqX5bsnGlp1u3oyG0ATvSvT9E\nBTxbQlpcIOrJ16Be/92SmfVaGbbqWywqjkNgK7s08Zbbk7WONZyAg8NR5/b5Cgi9\ncJrR73dbDnijvhjDkAAn414+M57DG65tPt1vlXDqa8LSQobDdszn1i/ugvqxqj1y\n6NmFvVPxor67n9r67Iq4PzWF3WK7tosPUaTbFczbS2xS4sINPCEddb2Ima5cixL0\nh2pni/jonYo4RCWmUvpMx48CevgXFCzWOGdaOSI75MklcaH4IBe2EFaCbN3IUMlA\nHI2TOuR0KXsX0R3jzmDzVJkXaXWMqPjcFlxvXuMTE4ooI6DiBN7+2xAqfYOURmy1\nwjfWwCVR3OaPY2cGvxWPnIz2mtKjhRIaYwfzDVdR5vlSU/YwkJUv11P6Y8YPX7jw\nRYVFtTkd7qghjvWMBMpABTxYWxvd74EgUUnYOfoei97nKOnb3loj+XdoZeGCmyL7\nCZWzoNTMkeFkob1UkxIe+Q==\n=wZDI\n-----END PGP PUBLIC KEY BLOCK-----",
},
},
},
}
x/crypto/openpgp
不支持读取装甲消息,参见 issue,这是错误的来源。
shasums_signature_url
归档文档提到:
binary, detached GPG signature
另请参阅 Manually preparing a release doc
which is a valid GPG binary (not ASCII armored) signature
所以你应该尝试在没有 --armor
标志的情况下签名。