Because of that, I’m attempting to sign my module with a local key instead. I’ve followed the instructions listed on that page under ** Complete Session walkthrough**, but FreePBX displays this error in the admin panel: “Module “My Module Name” signed by an invalid key.”
The output of the sign.php utility is this:
[root@localhost .gnupg]# /root/devtools/sign.php /var/www/html/admin/modules/mymodulename --local 4902C636CB141B70
gpg: checking the trustdb
gpg: public key of ultimately trusted key CB141B70 not found
gpg: public key of ultimately trusted key 023E6129 not found
gpg: public key of ultimately trusted key D0A48C05 not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: error reading key: No public key
gpg: requesting key B33B4659 from hkp server keys.gnupg.net
gpg: packet(13) too large
gpg: read_block: read error: Invalid packet
gpg: Total number processed: 0
gpg: no valid OpenPGP data found.
Installing to local signing directory
Signing with 4902C636CB141B70
Generating file list...
Signing /etc/freepbx.secure/mymodulename.sig..gpg: no default secret key: N o secret key
gpg: [stdin]: clearsign failed: No secret key
Done
Tagging module for local signing...gpg: no default secret key: No secret key
gpg: [stdin]: clearsign failed: No secret key
Done
That’s unfortunately due to an attack on the FreePBX key - you should be able to skip that by importing the key manually:
# gpg --import /var/www/html/admin/libraries/BMO/9F9169F4B33B4659.key
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key B33B4659: public key "FreePBX Module Signing (This is the master key to sign FreePBX Modules) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
#
Edit: If that works, please tell me and I’ll update the wiki.
Thanks, that removed the packet error from the output.
I just generated a new key afterward and signed my module with that:
[root@localhost ~]# /root/devtools/sign.php /var/www/html/admin/modules/mymodulename --local F81ED4F9
Installing to local signing directory
Signing with F81ED4F9
Generating file list...
Signing /etc/freepbx.secure/mymodulename.sig..
Done
Tagging module for local signing...
Done
[root@localhost ~]#
No error messages in that output now, but unfortunately, the FreePBX web interface is still showing that my module is signed with an invalid key:
Module “My Module Name” signed by an invalid key.
Am I missing a step? Is it necessary to send my signing key to you guys before my key is valid? My understanding from the wiki is that I cannot do that since my module is a commercial module and not open source.
Well. it SHOULD work. Check the contents of the file and make sure it looks similar to the normal .sig files, I guess?
The only other thing I notice is that you’re not running sign.php from inside devtools, like the instructions say. I’m not sure that’s relevant, but please follow the instructions exactly. Are you running it on a FreePBX Distro machine?
Edit:
As in, do this:
# cd /root/devools
# ./sign.php /var/www/html/admin/modules/callhelper --local F81ED4F9
That’s the last way I did it last time I signed a local module, and it worked fine for me.
Edit 2: Are you sure there isn’t a /var/www/html/admin/modules/callhelper/module.sig file there already? That takes precedence over the root-owned local stuff.
I’m running this on a CentOS 7 installation with FreePBX installed, not the FreePBX distro
Edit 2: Are you sure there isn’t a /var/www/html/admin/modules/callhelper/module.sig file there already? That takes precedence over the root-owned local stuff.
That might be part of it, I might have had an old module.sig from another module in there (copied and pasted the directory contents when I made the new module, using an old module as a template).
I just deleted the module.sig from /var/www/html/admin/modules/callhelper, and ran the sign utility again (from /root/devtools as you suggested), and rebooted. It looks like the signing utility put my newly-created module.sig in the /var/www/html/admin/modules/callhelper directory, and now we’re back to square one with the “Invalid key” message. Hmmmm…