From 7575ec6a3c6307d0922249b09bb5a2661930e7ac Mon Sep 17 00:00:00 2001
From: rob thijssen
Date: Sun, 26 Apr 2026 18:32:22 +0300
Subject: [PATCH] fix(ci): set ultimate trust on imported signing key

GPG refuses to sign with a key that has unknown trust. Set the imported key to ultimate trust after import.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .gitea/workflows/build-release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitea/workflows/build-release.yml b/.gitea/workflows/build-release.yml
index 9414745..22b4fcd 100644
--- a/.gitea/workflows/build-release.yml
+++ b/.gitea/workflows/build-release.yml
@@ -137,6 +137,8 @@ jobs:
 - name: Import signing key
 run: |
 echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import
+ fpr=$(gpg --batch --with-colons --list-keys "${{ secrets.RPM_SIGNING_KEY_ID }}" | awk -F: '/^fpr:/ { print $10; exit }')
+ echo "${fpr}:6:" | gpg --batch --import-ownertrust
 sed "s/@GPG_NAME@/${{ secrets.RPM_SIGNING_KEY_ID }}/" rpm/rpmmacros > ~/.rpmmacros
 echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
 gpgconf --kill gpg-agent
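Review bot: The fingerprint from the added `fpr=$(...)` line is used unchecked: unless the step's shell sets pipefail (not visible here), the substitution's status is awk's, so if `gpg --list-keys` finds nothing for RPM_SIGNING_KEY_ID, `fpr` is empty and the next line feeds `:6:` to `--import-ownertrust`. A guard between the two added lines, `[ -n "$fpr" ] || { echo "signing key not found in keyring" >&2; exit 1; }`, would make a wrong or rotated key ID fail here with a clear message. The lookup also takes the first `fpr` record of whatever the ID string matches, so if the secret holds a name or e-mail rather than a full fingerprint, ultimate trust goes to the first matching key in `~/.gnupg`. If the runner is persistent, that keyring and its ownertrust entry outlive the job, so a per-job `GNUPGHOME` that is removed afterwards is worth considering. The `run:` script continues past the end of the hunk.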