fix(ci): override rpm sign command to use gpg backend

Fedora 43 defaults to rpm-sequoia for signing which ignores the imported gpg key. Set %__gpg_sign_cmd explicitly to force gpg-based signing with loopback pinentry. Remove diagnostics. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-26 19:58:07 +03:00
parent 3291f77fcd
commit 9f0116bb2b
2 changed files with 2 additions and 14 deletions
--- a/rpm/rpmmacros
+++ b/rpm/rpmmacros
@@ -1 +1,2 @@
 %_gpg_name @GPG_NAME@
+%__gpg_sign_cmd %{__gpg} --batch --verbose --no-armor --pinentry-mode loopback --passphrase '' --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} -- %{__plaintext_filename}
--- a/script/publish-repo.sh
+++ b/script/publish-repo.sh
@@ -7,22 +7,9 @@ RPM_DIR="${1%/}"
 REMOTE_DIR="/var/www/rpm/fedora/${FEDORA_VERSION}/x86_64"

 # sign each rpm with the imported gpg key
-echo "rpmmacros:"
-cat ~/.rpmmacros
-echo "gpg keys:"
-gpg --list-secret-keys --keyid-format long
-ls -la "${RPM_DIR}"/*.rpm
-
-echo "testing gpg signing directly..."
-echo test | gpg --batch --pinentry-mode loopback --passphrase '' --sign --armor -u "$(rpm --eval '%{_gpg_name}')" 2>&1 || echo "direct gpg sign failed"
-
-echo "rpm macro expansion:"
-rpm --eval '%{__gpg}' 2>&1
-rpm --eval '%{_gpg_name}' 2>&1
-
 for rpm in "${RPM_DIR}"/*.rpm; do
    echo "signing ${rpm}..."
-    rpmsign --addsign "${rpm}" --verbose 2>&1 || {
+    rpm --addsign "${rpm}" 2>&1 || {
        echo "failed to sign ${rpm}" >&2
        exit 1
    }