Incorrect subkey used to sign #805
Comments
The underlying reason is that GPG doesn't take the specified key literally, see here: yarnpkg/yarn#6916 (comment). I don't think aptly can really do much to solve this problem. Automatically adding a

When I run the command, it shows an error:

Maybe one could teach aptly to specify which key to use to sign things with the optional "!" being accepted as part of the key-id to use? You'd get the full, correct gnupg behavior. Use it as always, and nothing changes (so no breaking current setups). Prefix it with !, and you get the proper gnupg behavior, and that exact key-id is forced. If aptly already does just that, it is just a matter of documenting this explicitly.

Aptly appears to be using the incorrect subkey to sign some repos.
Detailed Description
For Yarn, we have a GPG key that contains two active subkeys. One of the subkeys is used to sign stable/RC releases (23E7166788B63E1E), while the other subkey (4F77679369475BAA) is used for nightly builds. We have three Aptly repos: Stable, RC, and Nightly.

We're explicitly signing the stable and RC repos with 23E7166788B63E1E: https://github.com/yarnpkg/releases/blob/gh-pages/debian-source/add-deb.sh#L26-L27

However, it appears to be ignoring this and using the wrong subkey to sign those repos (4F77679369475BAA).
See yarnpkg/yarn#6916
See last comments on yarnpkg/yarn#6865
Your Environment
Debian buster
Aptly 1.3.0 installed via http://repo.aptly.info/
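
One way to confirm which subkey actually produced a repository signature, added here as an example (it is not part of the issue or of aptly's code): a small OpenPGP packet reader that returns the key IDs a detached signature such as Release.gpg names as its issuer. The function names are this example's own, and SAMPLE is a constructed packet carrying the nightly subkey ID from the report.

```python
import base64

# Constructed sample: a minimal v4 signature packet whose issuer subpacket
# names the nightly subkey from the issue. The signature value is a dummy.
SAMPLE = bytes.fromhex("881d04000108000605025c000000000a"
                       "09104f77679369475baaabcd0008ff")

def dearmor(data):
    """Return binary OpenPGP data, decoding ASCII armor if present."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = data.strip().splitlines()
    start = lines.index(b"") + 1  # a blank line ends the armor headers
    body = [l for l in lines[start:-1] if not l.startswith(b"=")]  # drop CRC
    return base64.b64decode(b"".join(body))

def read_len(buf, i):
    """Decode a new-format or subpacket length at buf[i]: (length, next)."""
    if buf[i] < 192:
        return buf[i], i + 1
    if buf[i] < 255:
        return ((buf[i] - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def signature_body(data):
    """Return the body of a leading version 4 signature packet (tag 2)."""
    if data[0] & 0x40:  # new-format header
        tag, (n, off) = data[0] & 0x3F, read_len(data, 1)
    else:  # old-format header, which gpg writes for signatures
        tag, size = (data[0] >> 2) & 0x0F, 1 << (data[0] & 3)
        n, off = int.from_bytes(data[1:1 + size], "big"), 1 + size
    if tag != 2 or data[off] != 4:
        raise ValueError("expected a version 4 signature packet")
    return data[off:off + n]

def issuer_key_ids(sig):
    """Return the key IDs a detached signature names as its issuer."""
    body, ids, pos = signature_body(dearmor(sig)), set(), 4
    for _ in range(2):  # hashed subpacket area, then unhashed area
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        i = pos + 2
        while i < end:
            n, i = read_len(body, i)  # n counts the type octet plus data
            typ, val = body[i] & 0x7F, body[i + 1:i + n]
            # 16 = issuer key ID; 33 = issuer fingerprint (v4: last 8 bytes)
            if typ == 16 or (typ == 33 and val[0] == 4):
                ids.add(val[-8:].hex().upper())
            i += n
        pos = end
    return ids
```

Pass it the bytes of a published Release.gpg and compare the result with the key ID that was requested for that repo. It only reads the issuer fields and does not verify the signature.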