Niklas 912c04ee1d fix(ci): force primary GPG key for repomd.xml signing (#566)
* fix(ci): force primary GPG key for repomd.xml signing

PR #217 added --default-key for the gpg invocation that signs
repomd.xml, but gpg's --default-key only chooses an identity, not
which key under that identity actually signs. Without a trailing
'!' on the keyid, gpg silently picks the most recent signing
subkey. rpm 4.20+ and zypper verify repomd.xml only against the
primary key, so the published signature fails verification with
"Signature verification failed for repomd.xml" / "Signing key not
found" — the exact symptom reported in #213.

Append '!' to the keyid argument to force the primary key.

Verified locally against zypper 1.14.96 / rpm 4.20.1 / gpg 2.x by
re-signing the live repomd.xml with a test primary+subkey keypair:

  - Without '!': sig keyid = subkey, zypper refresh fails with
    "Signature verification failed for repomd.xml" (reproduces
    the production bug 1:1).
  - With '!':    sig keyid = primary, zypper refresh succeeds:
    "Die angegebenen Repositorys wurden aktualisiert."
    (English: "The specified repositories have been updated.")

Fixes #213 (regression of PR #217)

Co-Authored-By: Claude <claude@anthropic.com>

* docs(ci): tighten repomd.xml signing comment

Compress the rationale block from 8 to 6 lines while preserving
the load-bearing facts (gpg picks subkey by default, rpm 4.20+ /
zypper reject subkey-signed repomd.xml, '!' forces the primary
key, #213/#217 regression history). Add an explicit "Do not
strip it" admonition to the future reader.

No functional change.

Co-Authored-By: Claude <claude@anthropic.com>

---------

Co-authored-by: Claude <claude@anthropic.com>
2026-05-03 07:43:30 -04:00
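The pitfall the commit describes, reproduced as an added example that is not the project's own CI script: a throwaway primary key plus a newer signing subkey, the same `gpg --detach-sign --default-key` call shape with and without the trailing `!`, and the check a CI job could run on repomd.xml.asc before publishing. Assumes gpg 2.x on PATH; the repomd.xml is a constructed stand-in, and `gpg_q`, `make_test_keys`, `sign_repomd`, `signer_fpr` and `check_primary_signed` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not the project's CI script: reproduce the pitfall from the
# commit message (gpg --default-key without '!' signs with the newest signing
# subkey) and show the check a CI job can run on repomd.xml.asc before
# publishing. Assumes gpg 2.x is on PATH; everything below lives in a
# throwaway GNUPGHOME, and the repomd.xml is a constructed stand-in.
set -eu

WORK="$(mktemp -d)"
export GNUPGHOME="$WORK/gnupg"
mkdir -m 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$WORK"' EXIT

# Constructed stand-in for the metadata file that createrepo_c would produce.
REPOMD="$WORK/repomd.xml"
printf '<repomd><revision>1</revision></repomd>\n' > "$REPOMD"

# Unattended gpg: no TTY, no pinentry, empty passphrase (test keys only).
gpg_q() {
    gpg --batch --quiet --no-tty --pinentry-mode loopback --passphrase '' "$@"
}

# Test keypair in the shape that caused #213: a primary signing key plus a
# newer signing-capable subkey. Sets PRIMARY_FPR (hypothetical name).
make_test_keys() {
    gpg_q --quick-gen-key 'Repo Signing Test <repo@example.invalid>' rsa2048 sign never
    PRIMARY_FPR="$(gpg_q --with-colons --list-keys | awk -F: '$1 == "fpr" { print $10; exit }')"
    gpg_q --quick-add-key "$PRIMARY_FPR" rsa2048 sign never
}

# Same gpg invocation shape as the CI step: detached armored signature chosen
# via --default-key. $1 is the key spec (with or without '!'), $2 the output.
sign_repomd() {
    gpg_q --yes --armor --detach-sign --default-key "$1" --output "$2" "$REPOMD"
}

# Fingerprint of the key that actually made a detached signature, taken from
# the VALIDSIG status line (field 3 is the signing key, subkey or primary).
signer_fpr() {
    gpg_q --status-fd 1 --verify "$1" "$REPOMD" 2>/dev/null \
        | awk '$2 == "VALIDSIG" { print $3; exit }'
}

# The CI guard: succeed only if the primary key signed repomd.xml, which is
# what the commit says rpm 4.20+ / zypper require when they verify it.
check_primary_signed() {
    [ "$(signer_fpr "$1")" = "$PRIMARY_FPR" ]
}

make_test_keys
sign_repomd "$PRIMARY_FPR"  "$WORK/repomd.xml.subkey.asc"   # no '!': newest signing subkey
sign_repomd "$PRIMARY_FPR!" "$WORK/repomd.xml.primary.asc"  # '!': exactly the primary key

for sig in "$WORK/repomd.xml.subkey.asc" "$WORK/repomd.xml.primary.asc"; do
    if check_primary_signed "$sig"; then
        echo "OK   $(basename "$sig"): signed by primary $PRIMARY_FPR"
    else
        echo "FAIL $(basename "$sig"): signed by $(signer_fpr "$sig"), not the primary key"
    fi
done
```

`check_primary_signed` is the guard to put right after the signing step: with the real key it is `gpg --status-fd 1 --verify repomd.xml.asc repomd.xml` followed by a comparison of VALIDSIG field 3 against the known primary fingerprint (VALIDSIG's last field is the primary fingerprint of the signing key's keyblock, so `$3 == $NF` is an equivalent test that needs no hard-coded fingerprint). A subkey-made signature is still cryptographically valid to gpg, which is why the failure only shows up on the zypper side unless CI checks the signer explicitly.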