BAD signature from "WP-CLI Releases"

I’m trying to get trellis and the local dev-environment running but i’m stuck at the Verify WP-CLI Phar Signature - This is the issue:

non-zero return code
gpg: Signature made Tue 12 Nov 2019 06:03:46 PM UTC
gpg:                using RSA key 63AF7AA15067C05616FDDD88A3A2E8F226F0BC06
gpg:                issuer ""
gpg: BAD signature from "WP-CLI Releases <>" [unknown]
fatal: [default]: FAILED! => {"changed": false, "cmd": ["gpg2", "--lock-never", "--no-default-keyring", "--keyring", "/tmp/wp-cli.pgp.gpg", "--verify", "/tmp/wp-cli-2.4.0.phar.asc", "/tmp/wp-cli-2.
4.0.phar"], "delta": "0:00:00.032877", "end": "2020-06-22 13:31:21.468455", "rc": 1, "start": "2020-06-22 13:31:21.435578", "stderr_lines": ["gpg: Signature made Tue 12 Nov 2019 06:03:46 PM UTC", "
gpg:                using RSA key 63AF7AA15067C05616FDDD88A3A2E8F226F0BC06", "gpg:                issuer \"\"", "gpg: BAD signature from \"WP-CLI Releases <>\"
 [unknown]"], "stdout": "", "stdout_lines": []}

I’m working on Windows 10 with WSL2 and am unsure what causes the issue since i followed all steps from the documentation - Any ideas someone?


I am getting this exact error too.

The checksum for /tmp/composer-installer.php did not match e0012edf3e80b69788
a; it was 8a122319b9b85eb65da32aa900c77529d96b111fc56411ff4ae0b8769f3366898c9
fatal: [default]: FAILED! => {“changed”: true, “checksum_dest”: null, “checksum_src”: “5f4fdb96fd066d6e87bbe185d3e7b60fbaa039de”, “dest”: “/tmp/composer-installer.php”, “elapsed”: 0, “src”: “/root/.ansible/tmp/ansible-moduletmp-1592929919.3565352-vtqgckj1/tmp3ut5ap_h”, “url”: “”}

I performed a manual install on the VM using a simple apt-get install composer.
I commented out - { role: composer, tags: [composer] } in my dev.yml // the tags approach never worked for me
The documentation for Trellis is lacking in general it seems.

I then re-run the provision. However, I am given a similar problem with wp-cli (an issue with the gpg key).

non-zero return code
gpg: Signature made Tue 12 Nov 2019 06:03:46 PM UTC
gpg: using RSA key 63AF7AA15067C05616FDDD88A3A2E8F226F0BC06
gpg: issuer “
gpg: directory ‘/root/.gnupg’ created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: BAD signature from “WP-CLI Releases” [unknown]
fatal: [default]: FAILED! => {“changed”: false, “cmd”: [“gpg2”, “–lock-never”, “–no-default-keyring”, “–keyring”, “/tmp/wp-cli.pgp.gpg”, “–verify”, “/tmp/wp-cli-2.4.0.phar.asc”, “/tmp/wp-cli-2.4.0.phar”], “delta”: “0:00:00.070498”, “end”: “2020-06-23 16:40:29.930083”, “rc”: 1, “start”: “2020-06-23 16:40:29.859585”, “stderr_lines”: [“gpg: Signature made Tue 12 Nov 2019 06:03:46 PM UTC”, “gpg: using RSA key 63AF7AA15067C05616FDDD88A3A2E8F226F0BC06”, “gpg: issuer “””, “gpg: directory ‘/root/.gnupg’ created”, “gpg: /root/.gnupg/trustdb.gpg: trustdb created”, “gpg: BAD signature from “WP-CLI Releases” [unknown]”], “stdout”: “”, “stdout_lines”: []}

SO I log back into the vagrant VM and attempt a manual install of wp-cli. However, I am greeted with the exact same error.

Interestingly, if I download wp-cli outside the VM using the host OS and copy it to the VM then it works. For example, if I run

curl -O

in the trellis home directory using a wsl shell I can then access that file in the VM at /vagrant

I can then copy it to the vm’s home dir
cp ./wp-cli.phar ~
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp

An it works.

So, I comment out { role: wp-cli, tags: [wp-cli] } in dev.yml and reprovision.

rsync: rename failed for “/srv/www/” (from
.~tmp~/.env): Operation not permitted (1)
rsync error: some files/attrs were not transferred (see previous errors)
(code 23) at main.c(1196) [sender=3.1.2]
failed: [default ->] ( => {“ansible_loop_var”: “item”, “changed”: false, “cmd”: “/usr/bin/rsync --delay-updates -F --compress --checksum --archive --out-format=<>%i %n%L /tmp/ /srv/www/”, “item”: {“key”: “”, “value”: {“admin_email”: “”, “cache”: {“enabled”: false}, “local_path”: “…/”, “multisite”: {“enabled”: false}, “site_hosts”: [{“canonical”: “alexfordfitness.local”, “redirects”: [“www.alexfordfitness.local”]}], “ssl”: {“enabled”: false, “provider”: “self-signed”}}}, “rc”: 23}

So I delete the .env file from the offending directory and try again.

I’ll keep you up to date with my developments. I have other things to be getting on with atm.

1 Like

Have you provisioned the server? Deploying before provisioning the site can result in similar issues (mainly ownership/permission errors).

1 Like

Thank you but this is for the local vagrant install.

your workaround sounds interesting, but in my case after the gpg error the result says that it skipped 22 steps which tells me the process didnt finish completely, doesn’t it?

Yep, which is why you are re-provisioning

However, I still have problems with things like
sh: 1: netsh: not found
sh: 1: cscript: not found
sh: 1: netsh: not found
sh: 1: cscript: not found

I need to look for some other software to develop wordpress locally as this is beyond a joke now.

i got this issue resolved by removing the vagrant-winnfsd plugin : vagrant plugin uninstall vagrant-winnfsd but still facing the gpg issue.

I highly recommend Local by Flywheel (Especially Local Lightning) - There is a good tutorial on configuring it to run with bedrock and/or sage. But i guess you have your reasons why you wanted to try out trellis…

Hopefully someone notices this issue and there is a stupid-simple solution to that :slight_smile:


I use a simple docker setup consisting of WSL 2, traefik, smallstep-ca and docker-gen and it offers HTTPS and localhost domains.

1 Like

Thank you. I am trying to use Local at the moment and it sometimes kind of sort of works but not really. I am using Trellis mainly because of the deployment features which work great so far. It’s just the local dev stuff that is causing a pain. I have just jumped back to Wordpress from Nodejs and the tooling here in WP land is just so bad in comparison. I shouldn’t have to fight to get a local dev server up and running. I also just ,oved away from Mac to Windows which is causing it’s own set of issues.

I think I’m going the docker route for local dev and stuck to Trellis for deployment.

I’m going to try this out today. Thank you. Any guides online that can smooth the process?

Thank you.

Install WSL 2 (install the latest update for stable Windows 10. Docker now even runs on Windows 10 Home), pick a WSL 2 distro frm the Windows App Store (I currently use Ubuntu 20 as it is Ubuntu like Trellis), then install Docker for Desktop Edge release and enable WSL 2 integration in Docker settings for that Ubuntu distribution.
Then you can create a docker-compose setup with mariadb, nginx, php-fpm or use one of the existing bedrock images.
Edit: WSL 2 also allows setting permissions (with tools like chmod and chown) on Windows files,
which solves many permission issues with databases in Docker (notably Postgres).

When I got more time, I should make a repo or guide with a simple docker setup for PHP/WP/Bedrock :slight_smile:

1 Like

tried this, works well but i was struggling with connecting to the local domain i setup… sometimes i miss the Mac OS Dev-Times, since you gotta tweak a lot in Win/WSL to get the same output. Maybe you have time to look at this and try a little - The repo itself looks pretty convenient! Back to work now :slight_smile:

1 Like

This topic was automatically closed after 42 days. New replies are no longer allowed.