lair/mistralrs-package
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ci): configure gpg for non-interactive RPM signing
All checks were successful
poll-upstream / check (push) Successful in 1s
Details

Browse Source 
Add %__gpg_sign_cmd macro to ~/.rpmmacros with --batch, --no-tty, and
--pinentry-mode loopback so rpm --addsign works without a TTY in CI.

Also add signing progress output and post-sign verification to
publish-repo.sh for easier debugging.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
rob thijssen
2026-04-26 13:22:33 +03:00
parent 82a04c88dc
commit 0147e0fe32
2 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitea/workflows/build-release.yml
View File

@@ -129,6 +129,7 @@ jobs:
run: | run: |
echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import
echo "%_gpg_name ${{ secrets.RPM_SIGNING_KEY_ID }}" > ~/.rpmmacros echo "%_gpg_name ${{ secrets.RPM_SIGNING_KEY_ID }}" > ~/.rpmmacros
echo "%__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --no-tty --pinentry-mode loopback --passphrase '' %{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} --no-secmem-warning -u \"%{_gpg_name}\" -sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename}" >> ~/.rpmmacros
- name: Sign and publish - name: Sign and publish
run: ./script/publish-repo.sh rpms/ run: ./script/publish-repo.sh rpms/

2
script/publish-repo.sh
View File

@@ -6,7 +6,9 @@ REMOTE_DIR="/var/www/rpm/fedora/43/x86_64"
# sign each rpm with the imported gpg key # sign each rpm with the imported gpg key
for rpm in "${RPM_DIR}"/*.rpm; do for rpm in "${RPM_DIR}"/*.rpm; do
echo "signing ${rpm}..."
rpm --addsign "${rpm}" rpm --addsign "${rpm}"
rpm --checksig "${rpm}"
done done
install --directory --mode 700 ~/.ssh install --directory --mode 700 ~/.ssh