Add signed-by support to Debian APT repository#4207
Add signed-by support to Debian APT repository#4207Gedochao wants to merge 1 commit intoVirtusLab:mainfrom
signed-by support to Debian APT repository#4207Conversation
| ```bash | ||
| curl -sS "https://virtuslab.github.io/scala-cli-packages/KEY.gpg" | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/scala-cli.gpg 2>/dev/null | ||
| sudo mkdir -p /etc/apt/keyrings | ||
| curl -sS "https://virtuslab.github.io/scala-cli-packages/scala-cli-archive-keyring.gpg" | sudo tee /etc/apt/keyrings/scala-cli-archive-keyring.gpg > /dev/null |
There was a problem hiding this comment.
What is this link? https://virtuslab.github.io/scala-cli-packages/KEY.gpg exists, while the new one doesn't. Do you know how that key is even created? It seems to be something different from what we use in the secrets for github actions
There was a problem hiding this comment.
https://github.com/Gedochao/scala-cli/blob/4c1299a25250b2d09a0eb63e27e703dbf9f04bf9/build.mill#L1852-L1857
it's where the updateDebianPackages Mill job should write the keyring file, as per this snippet.
We haven't created this file before, it's part of the purpose of this PR. Perhaps something I should've explained in the description. We need to include the public key as a binary keyring in the distribution for users to refer to.
Admittedly, not something I have actually tested locally (not exactly easy to test end to end).
2 participants
Fixes #3501
Checklist
tested the solution locally and it works(no way to do that)scala-cli fmt .)scalafix(./mill -i __.fix)./mill -i 'generate-reference-doc[]'.run)How much have your relied on LLM-based tools in this contribution?
extensively, Cursor + Claude
How was the solution tested?
Can't really test it other than do a new release and re-check APT.
Additional notes
This is somewhat adjacent (but separate) to #4127, which requires regenerating the key with SHA-256+