We have built our own plugin using react and we are trying to sign it in private mode using the steps given here - Sign a plugin | Grafana Labs
We have created an API key. the first part of our plugin ID matches our grafana cloud account slug. but we are getting the following error when we run the command “npx @grafana/toolkit plugin:sign --signatureType private --rootUrls https://localhost:3000/grafana”
npx: installed 1982 in 232.897s
Error: Error signing manifest: Request failed with status code 503
at Object. (/root/.npm/_npx/28227/lib/node_modules/@grafana/toolkit/src/plugins/manifest.js:168:27)
at step (/root/.npm/_npx/28227/lib/node_modules/@grafana/toolkit/node_modules/tslib/tslib.js:143:27)
at Object.throw (/root/.npm/_npx/28227/lib/node_modules/@grafana/toolkit/node_modules/tslib/tslib.js:124:57)
at rejected (/root/.npm/_npx/28227/lib/node_modules/@grafana/toolkit/node_modules/tslib/tslib.js:115:69)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
Sounds like it could be a temporary error from the Grafana API. Are you still experiencing the error? It looks like you’re using SSL for you localhost URL (https rather than http). Is this intentional?
Yes. We are experiencing this error since 5 days. And it’s in our requirement to make it HTTPS. We are working in a corporate network.
When we run with proxies:
The above error is when we run after setting corporate proxies.
When we run without setting proxies:
[Error: Error signing manifest: write EPROTO 139627366410112:error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied:…/deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 49]
Could you please comment on the above error? When does it happen? Can it be due to corporate private network?
To get a signature, the sign command needs to be able to access the Grafana API. Looks like there might be some problems connecting to it? Could there be any firewalls that might be blocking the sign request?
Thanks… the issue was with the corporate firewall itself. We tried to sign the plugin on a machine outside the firewall and it worked. We were able to sign it successfully. even the grafana on this machine shows the plugin as signed.
When we transferred this privately signed plugin to our original machine (zipped the plugin folder and transferred it), grafana there says ‘invalid signature’. We tried to copy the same to multiple different machines and everywhere grafana says ‘invalid signature’. We looked at multiple issues and forums and our problem is similar to what’s given here -
while signing does it take into account any information related to the system?.
We were even able to partially resolve invalid signature problem. When we put https://localhost:3000 as rootUrl in grafana.ini and also in plugin sign command, it works. Grafana shows the plugin is signed.