I'm currently testing the CoreOS container runtime rocket and recreated a scenario to sign and distribute images via Meta Discovery which is based on the following guide. When I try to run a self-signed image using Meta Discovery I get the following error/output:
rkt: using image from local store for image name coreos.com/rkt/stage1-coreos:0.16.0
rkt: searching for app image rocket-example.eu/hellorocket
rkt: remote fetching from URL "https://rocket-example.eu/images/hellorocket.aci"
prefix: "rocket-example.eu/hellorocket"
key: "https://rocket-example.eu/pubkeys.gpg"
gpg key fingerprint is: 993C 033A 1556 CCDF 4321 EB17 8192 E9F7 DBD1 49AE
subkey fingerprint: 02BB E974 02CF 0676 28C8 424C DFB3 FED2 080B 7D76
RXXXX XXXXX (ACI signing key) <rXXXX.XXXXX@XXXXX.XX-XXXXX.de>
Key "https://rocket-example.eu/pubkeys.gpg" already in the keystore
rkt: downloading signature from https://rocket-example.eu/images/hellorocket.aci
Downloading signature: 0 B/1.75 MB
Downloading signature: 3.83 KB/1.75 MB
Downloading signature: 1.75 MB/1.75 MB
run: openpgp: invalid data: tag byte does not have MSB set
I'm using a VM running Ubuntu 15.10, rkt 0.16.0 and GnuPG 2.0.23. The images are provided by a local nginx server.
The created signature hellorocket.aci.asc looks like:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABAgAGBQJWqPPqAAoJEJtfmFGWacfBx0gH/i1EVAs2HJm7rOpp0WqbamFa
kC6vH1qs8Rvcagpkcar5ZAZFhC1oQVnF7oB7mvU4Ich3BOS0bBXCgef39oGxVXD6
HrHDB1FX1Q4hFMCnJgFNR4isPaaGy9Hm0uNjE8QxPWBtLgYW3zp5EwBRz3uRizQ7
+BY5Bm+cBIICENKcweTwIXlVgEFk8eFSnMyJ7NP56LbHbZWbb6gFywmz/5A4yJPJ
Qit/iT+FwSfU+xBMpNc2KEux46DfmfpBMippBtMh8wba7Unrjig3oV2Phyqe+UOL
Z6zJjg7dJiAxj7NOwzQRscUyXqmN1yXCF5Tj5ldOwMHXqdXVBw5/KzoTzk1Kl4w=
=9lM+
-----END PGP SIGNATURE-----
