When i’m building the Docker file here: sonar-scanner-cli-docker/Dockerfile at master · SonarSource/sonar-scanner-cli-docker · GitHub
I get this Error:
#7 85.65 + gpg --verify /opt/sonar-scanner-cli.zip.asc /opt/sonar-scanner-cli.zip
#7 85.65 gpg: no valid OpenPGP data found.
#7 85.65 gpg: the signature could not be verified.
It seems that there is an Issue with this command.
Could anyone help?
Hey there.
Are you still facing the issue? I am not.
#6 13.06 + wget -U scannercli -q -O /opt/sonar-scanner-cli.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747.zip
#6 13.56 + wget -U scannercli -q -O /opt/sonar-scanner-cli.zip.asc https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747.zip.asc
#6 13.75 + shuf -e hkps://keys.openpgp.org hkps://keyserver.ubuntu.com
#6 13.75 + gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys 679F1EE92B19609DE816FDE81DB198F93525EC1A
#6 13.76 gpg: directory '/tmp/.gnupg' created
#6 13.76 gpg: keybox '/tmp/.gnupg/pubring.kbx' created
#6 14.13 gpg: /tmp/.gnupg/trustdb.gpg: trustdb created
#6 14.13 gpg: key 1DB198F93525EC1A: public key "SonarSource S.A. <infra@sonarsource.com>" imported
#6 14.14 gpg: Total number processed: 1
#6 14.14 gpg: imported: 1
#6 14.14 + break
#6 14.14 + gpg --verify /opt/sonar-scanner-cli.zip.asc /opt/sonar-scanner-cli.zip
#6 14.14 gpg: Signature made Tue Feb 22 07:20:32 2022 UTC
#6 14.14 gpg: using RSA key 2B1042677FD8190C7B9FC0DC2161D72E7DCD4258
#6 14.14 gpg: Good signature from "SonarSource S.A. <infra@sonarsource.com>" [unknown]
#6 14.14 gpg: WARNING: This key is not certified with a trusted signature!
#6 14.14 gpg: There is no indication that the signature belongs to the owner.
#6 14.14 Primary key fingerprint: 679F 1EE9 2B19 609D E816 FDE8 1DB1 98F9 3525 EC1A
#6 14.14 Subkey fingerprint: 2B10 4267 7FD8 190C 7B9F C0DC 2161 D72E 7DCD 4258