From 7df736292ca2ebd688facc5e8df576bd49e2c842 Mon Sep 17 00:00:00 2001
From: rob thijssen
Date: Mon, 27 Apr 2026 07:47:52 +0300
Subject: [PATCH] fix(ci): use rpm 6 openpgp signing with sequoia-sq

RPM 6 on Fedora 43 uses sequoia (sq) for signing instead of gpg. Replace %_gpg_name with %_openpgp_sign_id and drop the gpg-agent loopback config. Add a pre-flight check for sequoia-sq.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .gitea/workflows/build-release.yml | 9 +++++++--
 rpm/rpmmacros | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/build-release.yml b/.gitea/workflows/build-release.yml
index 22b4fcd..d7f1aca 100644
--- a/.gitea/workflows/build-release.yml
+++ b/.gitea/workflows/build-release.yml
@@ -134,14 +134,19 @@ jobs:
 find rpms/ -name '*.rpm' -exec mv --target-directory=rpms/ {} +
 find rpms/ -mindepth 1 -type d -empty -delete

+ - name: Check for sequoia-sq
+ run: |
+ if ! command -v sq &> /dev/null; then
+ echo "ERROR: sequoia-sq is not installed. Install with: sudo dnf install sequoia-sq"
+ exit 1
+ fi
+
 - name: Import signing key
 run: |
 echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import
 fpr=$(gpg --batch --with-colons --list-keys "${{ secrets.RPM_SIGNING_KEY_ID }}" | awk -F: '/^fpr:/ { print $10; exit }')
 echo "${fpr}:6:" | gpg --batch --import-ownertrust
 sed "s/@GPG_NAME@/${{ secrets.RPM_SIGNING_KEY_ID }}/" rpm/rpmmacros > ~/.rpmmacros
- echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
- gpgconf --kill gpg-agent

 - name: Sign and publish
 run: ./script/publish-repo.sh rpms/
diff --git a/rpm/rpmmacros b/rpm/rpmmacros
index 595589d..03ce44d 100644
--- a/rpm/rpmmacros
+++ b/rpm/rpmmacros
@@ -1 +1 @@
-%_gpg_name @GPG_NAME@
+%_openpgp_sign_id @GPG_NAME@
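Review bot: The new `Check for sequoia-sq` step only proves that an `sq` binary is on PATH, while `Import signing key` below it still loads the key into the GnuPG keyring alone, so nothing in this hunk confirms that the signer can actually reach the key named by `%_openpgp_sign_id`. If rpm really signs through sq on this runner, as the commit message states, a short check after the import that the key is visible to sq (for example via `sq key list`) would turn a late signing failure into an early one; whether `script/publish-repo.sh` verifies signatures before publishing is not visible here. The test itself relies on the bash-only `&>` redirect and prints its error to stdout, so `if ! command -v sq >/dev/null 2>&1; then` and `echo "ERROR: ..." >&2` are the safer spelling. In the unchanged import lines, `${{ secrets.RPM_SIGNING_KEY }}` is expanded into the script text before the shell runs; mapping it under `env:` and using `printf '%s\n' "$RPM_SIGNING_KEY" | gpg --batch --import` keeps the private key out of the rendered script and stops quote characters in the value from being parsed as shell.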
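Review bot: This file now names the signing key but still leaves the choice of signing program to the rpm defaults on the runner image, so the workflow's `sq` pre-flight check and the backend rpm actually invokes can drift apart. If the runner's rpm supports the `%_openpgp_sign` macro, adding `%_openpgp_sign sq` next to `%_openpgp_sign_id @GPG_NAME@` would pin the backend explicitly. The `@GPG_NAME@` placeholder keeps its old name, which still matches the `sed` substitution in the workflow, so no change is needed there.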