fix(ci): configure gpg for non-interactive RPM signing
All checks were successful
poll-upstream / check (push) Successful in 1s
All checks were successful
poll-upstream / check (push) Successful in 1s
Add %__gpg_sign_cmd macro to ~/.rpmmacros with --batch, --no-tty, and --pinentry-mode loopback so rpm --addsign works without a TTY in CI. Also add signing progress output and post-sign verification to publish-repo.sh for easier debugging. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -129,6 +129,7 @@ jobs:
|
||||
run: |
|
||||
echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import
|
||||
echo "%_gpg_name ${{ secrets.RPM_SIGNING_KEY_ID }}" > ~/.rpmmacros
|
||||
echo "%__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --no-tty --pinentry-mode loopback --passphrase '' %{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} --no-secmem-warning -u \"%{_gpg_name}\" -sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename}" >> ~/.rpmmacros
|
||||
|
||||
- name: Sign and publish
|
||||
run: ./script/publish-repo.sh rpms/
|
||||
|
||||
Reference in New Issue
Block a user