Summary
While running a public registry smoke matrix with runx-cli 0.6.13, a locally emitted harness receipt verified its digest and content address but runx verify --allow-local-development-signatures marked the signature as malformed.
Environment
- OS: Windows host and Docker Linux container
- CLI:
runx-cli 0.6.13
- Harness command:
npx -y @runxhq/cli@0.6.13 harness . -R ./receipts --json
- Receipt id:
sha256:727b1310aae6da8a1db1996040f09f980260f159f4c85c954a31774fe40535e3
Verify command
runx verify --receipt receipts/sha256_727b1310aae6da8a1db1996040f09f980260f159f4c85c954a31774fe40535e3.json --allow-local-development-signatures --json
Observed result
digest.status: validcontent_address.status: validsignature.status: invalid- finding:
signature_malformed at signature.value
The receipt signature value uses the base64:<value> format emitted by the harness receipt writer.
Summary
While running a public registry smoke matrix with
runx-cli 0.6.13, a locally emitted harness receipt verified its digest and content address butrunx verify --allow-local-development-signaturesmarked the signature as malformed.Environment
runx-cli 0.6.13npx -y @runxhq/cli@0.6.13 harness . -R ./receipts --jsonsha256:727b1310aae6da8a1db1996040f09f980260f159f4c85c954a31774fe40535e3Verify command
Observed result
digest.status:validcontent_address.status:validsignature.status:invalidsignature_malformedatsignature.valueThe receipt signature value uses the
base64:<value>format emitted by the harness receipt writer.