I have tried to sign my own module with my own key, following instructions on the wiki (Requesting a Key to be Signed and Signing your own modules)
# ./sign.php /opt/freepbx/www/admin/modules/droitappels/
Signing with D7669362454060A6
Generating file list...
Signing /opt/freepbx/www/admin/modules/droitappels/module.sig..gpg: using "D7669362454060A6" as default secret key for signing
Done
#
But I still get “Module has been signed with an invalid key” in the “Module Admin” page and dashboard.
I tried to
#fwconsole ma refreshsignatures
I tried packaging the module and reinstalling it,
I tried updating “FreePBX Framework” to version 15.0.16.49,
Also tried to change (temporarily) the keyservers hardcoded in “FreePBX Framework” to one where my key is published (hkp://keyserver.ubuntu.com:80) but it doesn’t change the status of my own modules.
Knowing how the code signing stuff works, I’d say that you answered your own question right there. IIRC, everything has to be done through the key service at Sangoma.
That doesn’t seem to be the problem, the original keyserver list includes hkp://keyserver.ubuntu.com:80 (the documentation recommends sending keys to it and refreshing keys from it) , I just removed other keyservers ( pool dot sks-keyservers dot net has some problems at the moment )
Original $keyserver list in BMO/GPG.class.php :
// List of well-known keyservers.
private $keyservers = array(
"pool.sks-keyservers.net", // This should almost always work
"hkp://keyserver.ubuntu.com:80", // This is in case port 11371 is blocked outbound
"pgp.mit.edu", // Other random keyservers
"keyserver.pgp.com", // Other random keyserver
"pool.sks-keyservers.net"
); // Yes. sks is there twice
What I tried
// List of well-known keyservers.
private $keyservers = array(
"hkp://keyserver.ubuntu.com:80", // This is in case port 11371 is blocked outbound
); // Yes. sks is there twice
NO_PUBKEY is in the 4th line, not the 3rd. Therefore “preg_match(’/NO_PUBKEY (.+)/’, $out[‘status’][2], $keyarr)” can never be true, and my key is never fetched from any keyserver at all.
You can see the proper way to check if the key needs to be fetched @ line 125 in www/admin/libraries/BMO/GPG.class.php :
for($i=1;$i<count($out['status']);$i++) {
if (strpos($out['status'][$i], "[GNUPG:] NO_PUBKEY") === 0) {
// fetch key here
}
}
There may be a problem with my version of GnuPG (2.1.18) I wonder if anyone can show me what version they have and the result of the command line above.