## Summary Gitlab runner versions above `18.8.0` are not downloading shared caches anymore (`SignatureDoesNotMatch`). ## Steps to reproduce - S3 storage which does not support version 4 signature. - gitlab runner version `> 18.8.0` Runner config: ```toml [[runners]] name = "..." url = "..." token = "..." executor = "docker" [runners.cache] Type = "s3" Shared = true [runners.cache.s3] ServerAddress = "..." AccessKey = "..." SecretKey = "..." BucketName = "my-cache" Insecure = true ``` Pipeline file: All pipeline jobs which downloads `cache`. > [!note] > > Uploading cache to s3 is still possible. Only download is failing. ## Actual behavior Gitlab-Runners which uses a version `<= 18.8.0` are still able to download the caches. But as soon as the runner is updated, the caches cannot be downloaded anymore. Our S3 service is not supporting the `aws signature v4`. It needs to use `version 2`. There is a configuration parameter for the gitlab-server but for the runner it is not possible to set. ```rb gitlab_rails['packages_object_store_connection'] = { # For creation of signed URLs. Set to 2 if provider does not support v4. 'aws_signature_version' => 2 } ``` ## Expected behavior Download is possible again. ## Relevant logs and/or screenshots ``` WARNING: received: 403 Forbidden. Request failed with code: SignatureDoesNotMatch, message: The request signature we calculated does not match the signature you provided. Check your key and signing method. Failed to extract cache ``` ## Environment description <!--Are you using shared Runners on GitLab.com? Or is it a custom installation? Which executors are used? Please also provide the versions of related tools like `docker info` if you are using the Docker executor.--> - Gitlab: Custom installation `v18.8.1-ee` - Gitlab-Runner: `18.8.0` is working, newer versions not. - OS: Ubuntu - Executor: Docker <details> <summary>config.toml contents</summary> ```toml concurrent = 3 check_interval = 0 [session_server] session_timeout = 1800 [[runners]] name = "my-runner" url = "REDACTED" token = "REDACTED" executor = "docker" [runners.custom_build_dir] [runners.cache] Type = "s3" Shared = true [runners.cache.s3] ServerAddress = "REDACTED" AccessKey = "REDACTED" SecretKey = "REDACTED" BucketName = "REDACTED" Insecure = true [runners.docker] pull_policy = ["always", "always", "if-not-present"] tls_verify = false image = "alpine:latest" dns = ["REDACTED","REDACTED"] privileged = false disable_entrypoint_overwrite = false oom_kill_disable = false disable_cache = false volumes = ["/etc/ssl/certs:/etc/ssl/certs", "/etc/docker/certs.d/:/etc/docker/certs.d/:ro", "/var/run/docker.sock:/var/run/docker.sock"] shm_size = 0 ``` </details> ### Used GitLab Runner version <!--Please run and paste the output of `gitlab-runner --version`. If you are using a Runner where you don't have access to, please paste at least the first lines from the build log, like: ``` Version: 18.11.1 Git revision: 5265d41d Git branch: 18-11-stable GO version: go1.25.7 X:cacheprog Built: 2026-04-20T14:49:28Z OS/Arch: linux/amd64 ```--> ## Possible fixes <!--(If you can, link to the line of code that might be responsible for the problem) --->