Welcome to the Linux Foundation Forum!

LAB 3.2 Verifying Helm GPG Keys

When I issue the command
COUNT=$(gpg --verify --keyring="${PWD}/tempkeyring.gpg" --status-fd=1 "${TARFILE}" | grep -c -E '^\[GNUPG:\](GOODSIG|VALIDSIG)'); [[ ${COUNT} -ge 2 ]] && echo "Verified signatureof ${TARFILE}" || echo "FAILED to verify ${TARFILE}"
I get following output:

gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
FAILED to verify helm-v3.9.4-linux-amd64.tar.gz

Until that step I've followed the lab instructions... What am I doing wrong?


  • chrispokorni
    chrispokorni Posts: 2,008

    Hi @k0dard,

    I can confirm that both validations fail for the same Helm 3.9.4. package for Linux/amd64. According to the author's instructions, if this behavior is observed, it can be reported at the email provided in the lab guide.


  • Ruffuss
    Ruffuss Posts: 3
    edited March 14

    Still doesn't work.

  • chrispokorni
    chrispokorni Posts: 2,008

    Hi @Ruffuss,

    The signature validation is marked as optional in the lab guide. However, if the installation is not successful, you could try the installation steps from the official helm docs at https://docs.helm.sh/docs/intro/install/



Upcoming Training