From 70ae2108ee09997715993d2fa0e4ef6b18c607cb Mon Sep 17 00:00:00 2001
From: rob thijssen <grenade@rob.tn>
Date: Sun, 26 Apr 2026 15:27:40 +0300
Subject: [PATCH] fix(ci): import public key for checksig and force dist tag
 override

Import the GPG public key into rpm's keyring so rpm --checksig can
verify signatures. Also use --undefine dist before --define to ensure
the CLI value overrides the system macro on the build host.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/build-release.yml | 1 +
 script/publish-repo.sh             | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/.gitea/workflows/build-release.yml b/.gitea/workflows/build-release.yml
index 2629557..07d093f 100644
--- a/.gitea/workflows/build-release.yml
+++ b/.gitea/workflows/build-release.yml
@@ -100,6 +100,7 @@ jobs:
           rpmbuild -bb rpm/mistralrs.spec \
             --define "mistralrs_version ${version}" \
             --define "mistralrs_flavour ${{ matrix.name }}" \
+            --undefine dist \
             --define "dist .fc${{ matrix.fedora_version }}"
         env:
           TAG: ${{ inputs.tag }}
diff --git a/script/publish-repo.sh b/script/publish-repo.sh
index a595082..8024a3c 100755
--- a/script/publish-repo.sh
+++ b/script/publish-repo.sh
@@ -5,6 +5,9 @@ RPM_DIR="${1:?usage: $0 <rpm-directory>}"
 : "${FEDORA_VERSION:?}"
 REMOTE_DIR="/var/www/rpm/fedora/${FEDORA_VERSION}/x86_64"
 
+# import the public key into rpm's keyring for verification
+gpg --export --armor "$(rpm --eval '%{_gpg_name}')" | rpm --import /dev/stdin
+
 # sign each rpm with the imported gpg key
 for rpm in "${RPM_DIR}"/*.rpm; do
     echo "signing ${rpm}..."