Our install script uses --no-default-keyring and --keyring to force gpg to use our public key to verify the file signature after download. As per the docs for those two options:
"Note that if the option use-keyboxd is enabled in common.conf, no keyrings are used at all and keys are all maintained by the keyboxd process in its own database."
If this option is enabled, installs will fail like this:
Downloading Doppler CLI
Verifying signature
Failed to verify binary signature
ERROR: script failed during execution
This change switches us over to using gpgv, which is a binary installed with gnupg that's used strictly for verifying signatures in the fashion we want and doesn't use keyboxd.
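The two verification styles described above, side by side, as an added example that is not the project's install script. The function names, argument order and return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the project's install script. Function names,
# argument order and return codes are hypothetical.

# Old style: gpg restricted to a single keyring file. Per the docs quoted
# above, with use-keyboxd set in common.conf no keyring files are used,
# so the pinned key is never consulted and verification fails.
verify_with_gpg() {
  # $1 = keyring file, $2 = detached signature, $3 = downloaded file
  gpg --no-default-keyring --keyring "$1" --verify "$2" "$3" >/dev/null 2>&1
}

# New style: gpgv checks the signature against the keyring it is handed.
verify_with_gpgv() {
  keyring=$1 sig=$2 file=$3
  # Fail closed when an input is missing or empty, or gpgv is not installed.
  [ -s "$keyring" ] && [ -s "$sig" ] && [ -f "$file" ] || return 2
  command -v gpgv >/dev/null 2>&1 || return 3
  # gpgv resolves a keyring name without a slash inside the GnuPG home
  # directory, so always hand it an absolute path.
  case $keyring in
    /*) ;;
    *) keyring=$(pwd)/$keyring ;;
  esac
  # The keyring must be a binary key file or keybox (for example the
  # output of `gpg --dearmor`), not an ASCII-armored key.
  # Exit status 0 means the signature is good for one of those keys.
  gpgv --keyring "$keyring" "$sig" "$file" >/dev/null 2>&1
}
```

An installer using this pattern should abort on any non-zero status from `verify_with_gpgv` before the downloaded file is moved into place.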