Skip to content

Failed make_signed_source workflow produces no useful diagnostics

A make_signed_source workflow may end up producing no useful diagnostics when it fails. It created the following sign task for me:

key: REDACTED
purpose: uefi
unsigned:
- category: debusine:signing-input
  child_type: artifact
  collection: internal@collections
  data_matchers:
  - - architecture
    - kind: exact
      value: arm64
  name_matcher:
    kind: startswith
    value: extracted-for-signing-

Notably missing is any kind of identifying information as to what artifact should be signed (or it is unclear to me how the matcher would single out the intended one as none of the matches look sufficiently precise).

This sign task fails and it produces one empty debug log artifact. The logs written by debusine server or signing worker contain no useful information about the failure beyond the task being run (it actually makes it to the signing worker).

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information