improved the error message for failed package signing (#6948)

Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>

cmd/helm/package.go

@@ -37,6 +37,14 @@ is given, this will look at that path for a chart (which must contain a
 Chart.yaml file) and then package that directory.
 
 Versioned chart archives are used by Helm package repositories.
+
+To sign a chart, use the '--sign' flag. In most cases, you should also
+provide '--keyring path/to/secret/keys' and '--key keyname'.
+
+  $ helm package --sign ./mychart --key mykey --keyring ~/.gnupg/secring.gpg
+
+If '--keyring' is not specified, Helm usually defaults to the public keyring
+unless your environment is otherwise configured.
 `
 
 func newPackageCmd(out io.Writer) *cobra.Command {

pkg/provenance/sign.go

@@ -169,7 +169,7 @@ func (s *Signatory) DecryptKey(fn PassphraseFetcher) error {
 	if s.Entity == nil {
 		return errors.New("private key not found")
 	} else if s.Entity.PrivateKey == nil {
-		return errors.New("provided key is not a private key")
+		return errors.New("provided key is not a private key. Try providing a keyring with secret keys")
 	}
 
 	// Nothing else to do if key is not encrypted.
@@ -203,7 +203,7 @@ func (s *Signatory) ClearSign(chartpath string) (string, error) {
 	if s.Entity == nil {
 		return "", errors.New("private key not found")
 	} else if s.Entity.PrivateKey == nil {
-		return "", errors.New("provided key is not a private key")
+		return "", errors.New("provided key is not a private key. Try providing a keyring with secret keys")
 	}
 
 	if fi, err := os.Stat(chartpath); err != nil {