Issue
When distributing a Release bundle to an Edge Node or another Artifactory instance from the UI or REST API, you may encounter the error “Failed validating release bundle signature”:
Resolution
This issue generally occurs when the Public Key is missing on the target Edge Node/Artifactory instance. Based on our documentation, the target instance verifies the Release Bundle signature with a public GPG key.
To add the public key to the target instance, you can simply use the Propagate Signing key REST API.
Alternatively, you can follow the steps below:
1. On your main Artifactory instance (where the Release Bundles are generated), navigate to the Administration module → Security → Key Management and navigate to the 'Signing Keys' tab.
2. Search for the key used to sign the release bundle and click on the three dots on the right, then click on 'Download'. This will download only the public key. For example:
3. On your target instance (Edge Node/Artifactory instance), navigate to the Administration module → Security → Key Management and navigate to the 'Public Keys' tab and click on 'Add Key':
4. Provide the Key Alias and paste the public key previously downloaded and click on 'Add Public Key'
5. Try again to distribute the release Bundle.