Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated download script fails to verify signature #324

Closed
mattcolombo opened this issue Nov 2, 2023 · 2 comments · Fixed by #332
Closed

Automated download script fails to verify signature #324

mattcolombo opened this issue Nov 2, 2023 · 2 comments · Fixed by #332

Comments

@mattcolombo
Copy link

When trying to install apigeecli inside an Ubuntu installation under Windows (using WSL), running the command provided in the documentation

curl -L https://raw.githubusercontent.com/apigee/apigeecli/main/downloadLatest.sh | sh -

produces an error with the signature being invalid. However using wget to download the zip file with the binaries and the signature file, and using the command to get cosign to validate the package, the validation is working as expected. Please see below screenshot for reference.
signature-invalid-evidence

STEPS TO REPRODUCE:

  • run
curl -L https://raw.githubusercontent.com/apigee/apigeecli/main/downloadLatest.sh | sh -
  • observe signature validation error
srinandan added a commit that referenced this issue Nov 9, 2023
@srinandan
bug: fixes sig filename during verification #324
c4fd543
@srinandan srinandan linked a pull request Nov 9, 2023 that will close this issue
bug: fixes sig filename during verification #324 #332
Merged
ssvaidyanathan added a commit that referenced this issue Nov 9, 2023
@ssvaidyanathan
Merge pull request #332 from apigee/issue324
1ede3b3 
bug: fixes sig filename during verification #324
@srinandan srinandan reopened this Nov 9, 2023
@ssvaidyanathan
Copy link
Collaborator

@mattcolombo - can you try now?

@mattcolombo
Copy link
Author

Looks like it's working fine now! Thanks for the quick help 🙂
M

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

bug: fixes sig filename during verification #324 apigee/apigeecli
3 participants
@srinandan @ssvaidyanathan @mattcolombo