From ecf38bb53f2fe7331857cf57495f092d4a87ba72 Mon Sep 17 00:00:00 2001
From: rob thijssen <grenade@rob.tn>
Date: Sun, 26 Apr 2026 18:14:44 +0300
Subject: [PATCH] fix(ci): add diagnostics to signing step

Dump rpmmacros, gpg keys, and file permissions before signing to
debug the silent failure.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 script/publish-repo.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/script/publish-repo.sh b/script/publish-repo.sh
index 428d934..3aea6b0 100755
--- a/script/publish-repo.sh
+++ b/script/publish-repo.sh
@@ -7,13 +7,18 @@ RPM_DIR="${1%/}"
 REMOTE_DIR="/var/www/rpm/fedora/${FEDORA_VERSION}/x86_64"
 
 # sign each rpm with the imported gpg key
+echo "rpmmacros:"
+cat ~/.rpmmacros
+echo "gpg keys:"
+gpg --list-secret-keys --keyid-format long
+ls -la "${RPM_DIR}"/*.rpm
 for rpm in "${RPM_DIR}"/*.rpm; do
     echo "signing ${rpm}..."
-    if ! rpm --addsign "${rpm}" > /tmp/rpmsign.log 2>&1; then
+    rpm --addsign "${rpm}" 2>&1 | tee /tmp/rpmsign.log || {
         echo "failed to sign ${rpm}:" >&2
         cat /tmp/rpmsign.log >&2
         exit 1
-    fi
+    }
 done
 
 install --directory --mode 700 ~/.ssh