Test gpg signing directly, dump macro expansion, and use rpmsign
with --verbose to get more detail.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dump rpmmacros, gpg keys, and file permissions before signing to
debug the silent failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Direct stdout/stderr capture may miss gpg subprocess output. Write
to a temp file and cat it on failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Capture stderr from rpm --addsign so the actual gpg error is visible
when signing fails.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The rpm keyring import needs root access which CI doesn't have.
Client-side verification on install is sufficient.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Import the GPG public key into rpm's keyring so rpm --checksig can
verify signatures. Also use --undefine dist before --define to ensure
the CLI value overrides the system macro on the build host.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add fedora_version to build, package, and publish matrices so the
pipeline can target multiple Fedora releases in parallel. Force the
dist tag via --define to ensure RPMs are stamped correctly regardless
of build host. Update poll-upstream to check all fedora/flavour
combinations before triggering a build.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add %__gpg_sign_cmd macro to ~/.rpmmacros with --batch, --no-tty, and
--pinentry-mode loopback so rpm --addsign works without a TTY in CI.
Also add signing progress output and post-sign verification to
publish-repo.sh for easier debugging.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move from /var/www/rpm/mistralrs/fedora-43/x86_64/ to
/var/www/rpm/fedora/43/x86_64/ so the repo can host packages
from multiple projects under a conventional hierarchy.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
