openclaw - ✅(Solved) Fix [Bug]: Possibly incorrect gpg key fingerprint validation in Dockerfile [3 pull requests, 1 comments, 2 participants]

GitHub stats

openclaw/openclaw#74234 (fetched 2026-04-30 06:27:00)
Comments: 1
Participants: 2
Timeline events: 19 (referenced ×10, cross-referenced ×4, subscribed ×2, commented ×1)
Reactions: 2
      expected_fingerprint="$(printf '%s' "$OPENCLAW_DOCKER_GPG_FINGERPRINT" | tr '[:lower:]' '[:upper:]' | tr -d '[:space:]')" && \
      actual_fingerprint="$(gpg --batch --show-keys --with-colons /tmp/docker.gpg.asc | awk -F: '$1 == "fpr" { print toupper($10); exit }')" && \
      if [ -z "$actual_fingerprint" ] || [ "$actual_fingerprint" != "$expected_fingerprint" ]; then \
        echo "ERROR: Docker apt key fingerprint mismatch (expected $expected_fingerprint, got ${actual_fingerprint:-<empty>})" >&2; \
        exit 1; \
      fi && \

From https://github.com/openclaw/openclaw/blob/c881e0a176f0ce87490578b62f9050d0bed1d2ab/Dockerfile#L244

Seems to not handle the case when docker.gpg.asc contains more than one public key: in that case the first key will be validated, but the second one could be used later on.

Fix Action

Fixed

PR fix notes

PR #74254: fix(docker): require single primary key before Docker apt GPG pin

Description (problem / solution / changelog)

Summary

  • Enforce exactly one primary key (pub in gpg --with-colons) in docker.gpg.asc before comparing fingerprints.
  • Prevents verifying only the first fingerprint while gpg --dearmor imports every certificate into the APT keyring (issue #74234).
  • Subkeys remain sub (not pub), so the official Docker Debian keyfile is unchanged.

Test plan

  • gpg --show-keys --with-colons on the live Docker GPG URL: one pub, fingerprint matches OPENCLAW_DOCKER_GPG_FINGERPRINT.
  • Duplicated armored file yields pub count 2 → build would fail at the new guard.

Made with Cursor

Changed files

  • Dockerfile (modified, +7/-0)
  • src/dockerfile.test.ts (modified, +18/-0)

PR #74414: fix(docker): validate every gpg key in signing-key file (#74234)

Description (problem / solution / changelog)

Root cause

The Docker apt signing-key verification in the Dockerfile used awk '... { print; exit }' to extract the first armored key block, then fingerprint-checked only that key. A multi-key armored file (intentionally or via supply-chain compromise) would pass the check as long as the first key matched OPENCLAW_DOCKER_GPG_FINGERPRINT, even if subsequent keys were untrusted and were the ones actually used to sign packages.

Fix

Two-part hardening in the Dockerfile:

  1. Count-gate: after importing the key file, gpg --list-keys --with-colons counts the imported fingerprints; awk -F: '$1=="fpr"' | wc -l must equal exactly 1. If the file contains 0 or 2+ keys, the build fails immediately with an explicit diagnostic.

  2. Every-key validation: existing gpg --fingerprint check now runs after the count gate, so it verifies the single imported key matches OPENCLAW_DOCKER_GPG_FINGERPRINT.

Together these ensure the signing-key file can only progress through the build if it contains exactly one key and that key is the expected one.

Fixes #74234. Thanks @peledins-zimperium.

Changed files

  • CHANGELOG.md (modified, +1/-0)
  • Dockerfile (modified, +11/-1)

PR #74431: fix(docker): validate every gpg key in signing-key file (#74234)

Description (problem / solution / changelog)

Root cause

install-docker.sh fetched the Docker apt signing key and verified it with:

awk '/BEGIN/{found=1} found{print; if (/END/) exit}' signed-key | gpg --dearmor > ...

awk's exit stops at the first PEM block — if an attacker appended a second malicious key to the fetched file, only the first block was fingerprint-checked. The second key would be silently written into the trusted keyring and used for package verification.

Fix

Two guards added:

  1. Count gate — count -----BEGIN PGP PUBLIC KEY BLOCK----- headers; fail if not exactly 1.
  2. Every-key fingerprint loop — iterate all key IDs in the imported keyring and verify each against OPENCLAW_DOCKER_GPG_FINGERPRINT; fail if any key doesn't match.

The check runs in a temp keyring so nothing is added to the system keyring during validation.

Tests

Manual smoke-test: single valid key passes; multi-key file rejected; mismatched fingerprint rejected.

Fixes #74234.

Changed files

  • CHANGELOG.md (modified, +1/-0)
  • Dockerfile (modified, +11/-0)

---

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Steps to reproduce

Open https://github.com/openclaw/openclaw/blob/c881e0a176f0ce87490578b62f9050d0bed1d2ab/Dockerfile#L244

Expected behavior

Validate that there is exactly one public key in the file.

Actual behavior

Only the first key is matched. More context: https://superuser.com/questions/1747715/how-to-verify-fingerprint-of-a-gpg-file/1937159#1937159

OpenClaw version

main

Operating system

macOS

Install method

No response

Model

any

Provider / routing chain

openclaw

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response

extent analysis

TL;DR

The issue can be fixed by modifying the script to handle multiple public keys in the docker.gpg.asc file and validate that there is exactly one public key.

Guidance

  • The current script only reads the first fpr record that gpg prints for docker.gpg.asc, so any further certificate in the same file is dearmored into the APT keyring without ever being checked.
  • The check should either verify every primary key in the file or, simpler and sufficient here, refuse the file unless it contains exactly one primary key and that key's fingerprint matches OPENCLAW_DOCKER_GPG_FINGERPRINT.
  • When counting, count pub records (or the fpr record that directly follows each pub), not every fpr record: current GnuPG versions also print an fpr record for each subkey, so a single certificate with a signing subkey would otherwise be counted as two keys.
  • To verify the fix, feed it a file with one key (accepted), the same file with a second certificate appended (rejected), and a file whose single key has the wrong fingerprint (rejected).

Example

# Primary-key fingerprint of every certificate in the file: the fpr record that
# directly follows a pub record. Subkey fpr records (those after sub) are skipped.
actual_fingerprints="$(gpg --batch --show-keys --with-colons /tmp/docker.gpg.asc \
  | awk -F: '$1 == "pub" { want = 1; next } $1 == "fpr" && want { print toupper($10); want = 0 }')"
# Count non-empty lines; "echo | wc -l" would report 1 for an empty result.
key_count="$(printf '%s\n' "$actual_fingerprints" | awk 'NF { n++ } END { print n + 0 }')"
if [ "$key_count" -ne 1 ]; then
  echo "ERROR: expected exactly one public key in docker.gpg.asc, found $key_count" >&2
  exit 1
fi

Notes

This fix assumes that docker.gpg.asc should contain exactly one certificate; a count of zero (for example when gpg could not parse the file at all) is rejected as well. The count gate only guarantees that a single key is present, so the existing comparison of that key's fingerprint against OPENCLAW_DOCKER_GPG_FINGERPRINT must still run after it. If multiple keys are expected, the script will need to be modified to check each of them.

Recommendation

Apply the fix: require exactly one primary key in docker.gpg.asc before the fingerprint comparison, by collecting the primary fingerprints with awk and failing the build when the count is not exactly one, and only then run gpg --dearmor. All three PRs listed above take this count-gate approach.
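The check described in the guidance above, as an added example written for this page (it is not the project's Dockerfile and not the code from any of the PRs): it parses gpg's --with-colons records, counts certificates by their pub record rather than by every fpr record (so a signing subkey is not mistaken for a second key) and rather than by armor headers (a single PGP PUBLIC KEY BLOCK can wrap several certificates), and then pins the one primary fingerprint. The parsing is kept separate from the gpg call so it can be exercised offline; the colon records and fingerprints below are constructed placeholders, not Docker's real key, and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the openclaw project: validate that an armored
# keyfile holds exactly one OpenPGP certificate and that its primary-key
# fingerprint matches a pinned value, using gpg's --with-colons output.

# Normalise a fingerprint the way the Dockerfile does: upper-case, no spaces.
norm_fpr() {
  printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr -d '[:space:]'
}

# Read gpg --with-colons records on stdin and print one line per certificate:
# the primary-key fingerprint, i.e. the "fpr" record that directly follows a
# "pub" record. Subkey fingerprints (the "fpr" after "sub") are skipped, so a
# single certificate with a signing subkey still counts as one key.
primary_fingerprints() {
  awk -F: '
    $1 == "pub" { want = 1; next }
    $1 == "fpr" && want { print toupper($10); want = 0 }
  '
}

# Usage: check_keyfile_records EXPECTED_FPR < colon-records
# Succeeds only if exactly one certificate is present and it matches.
check_keyfile_records() {
  expected="$(norm_fpr "$1")"
  fprs="$(primary_fingerprints)"
  # Count non-empty lines; "wc -l" on an empty string would report 1.
  count="$(printf '%s\n' "$fprs" | awk 'NF { n++ } END { print n + 0 }')"
  if [ "$count" -ne 1 ]; then
    echo "ERROR: expected exactly one public key, found $count" >&2
    return 1
  fi
  if [ "$fprs" != "$expected" ]; then
    echo "ERROR: fingerprint mismatch (expected $expected, got $fprs)" >&2
    return 1
  fi
  return 0
}

# Usage: check_keyfile EXPECTED_FPR /path/to/key.asc   (needs gpg installed)
# Run gpg --dearmor into the APT keyring only after this succeeds.
check_keyfile() {
  gpg --batch --show-keys --with-colons "$2" | check_keyfile_records "$1"
}

# --- Constructed sample records (placeholder key IDs and fingerprints) ---
# One certificate: primary key plus a signing subkey.
SINGLE_KEY='pub:-:4096:1:89ABCDEF01234567:1500000000::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::0000000000000000000000000000000000000000::Example Signer <signer@example.invalid>::::::::::0:
sub:-:4096:1:FEDCBA9876543210:1500000000::::::s::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'
# The same file with a second certificate appended after the trusted one.
TWO_KEYS="$SINGLE_KEY
pub:-:4096:1:DEADBEEFDEADBEEF:1500000000::-:::scESC::::::23::0:
fpr:::::::::DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF:
uid:-::::1500000000::0000000000000000000000000000000000000000::Appended Key <second@example.invalid>::::::::::0:"

# Pinned value, written in the spaced lower-case form gpg prints to humans.
EXPECTED='0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567'

# Self-check when run directly: the first passes, the second is rejected.
printf '%s\n' "$SINGLE_KEY" | check_keyfile_records "$EXPECTED" && echo "single key: ok"
printf '%s\n' "$TWO_KEYS" | check_keyfile_records "$EXPECTED" || echo "two keys: rejected as expected"
```

In a Dockerfile RUN chain the gpg call and the check are piped together as in check_keyfile; a plain POSIX sh pipeline only reports the status of its last command, but a gpg failure then shows up as empty input, which the count gate rejects as zero keys instead of letting the build continue.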
