fumiama/terasu-cloudflared
1
0
Fork 0
mirror of https://github.com/fumiama/terasu-cloudflared.git synced 2026-06-05 00:50:24 +08:00
Code Activity

TUN-9776: Support signing Debian packages with two keys for rollover

Browse Source 
* TUN-9776: Support signing Debian packages with two keys for rollover

Debian Trixie doesn't support the SHA-1 algo for GPG keys.

This commit leverages the ability of providing two keys in the reprepro configuration in order to have two signatures in InRelease and Release.gpg files.

This allows users that have the old key to continue fetching the binaries with the old key while allowing us to provide a new key that can be used in Trixie.

Unfortunately current versions of RPM (since 2002) don't support double signing, so we can't apply the same logic for RPM

Closes TUN-9776
This commit is contained in:
Gonçalo Garcia
2025-09-29 14:48:12 +00:00
parent 71448c1f7f
commit 9551f2a381
3 changed files with 89 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cfsetup.yaml
View File

@@ -211,7 +211,7 @@ bookworm: &bookworm
- make github-release
r2-linux-release:
build_dir: *build_dir
builddeps:
builddeps: &r2-linux-release-deps
- *pinned_go
- build-essential
- fakeroot
@@ -231,4 +231,13 @@ bookworm: &bookworm
- pip install pynacl==1.4.0 pygithub==1.55 boto3==1.22.9 python-gnupg==0.4.9
- make r2-linux-release
r2-next-linux-release:
build_dir: *build_dir
builddeps: *r2-linux-release-deps
post-cache:
- python3 -m venv env
- . env/bin/activate
- pip install pynacl==1.4.0 pygithub==1.55 boto3==1.22.9 python-gnupg==0.4.9
- make r2-next-linux-release
trixie: *bookworm