DopplerHQ / cli

The official CLI for interacting with your Doppler secrets and configuration.
https://docs.doppler.com
Apache License 2.0

Switch to using gpgv for signature verification #449

Closed watsonian closed 4 months ago

watsonian commented 4 months ago

Our install script uses --no-default-keyring and --keyring to force gpg to use our public key to verify the file signature after download. As per the docs for those two options:

Note that if the option use-keyboxd is enabled in common.conf, no keyrings are used at all and keys are all maintained by the keyboxd process in its own database.

If this option is enabled, installs will fail like this:

Downloading Doppler CLI
Verifying signature
Failed to verify binary signature
ERROR: script failed during execution

This change switches us over to using gpgv, which is a binary installed with gnupg that's used strictly for verifying signatures in the fashion we want and doesn't use keyboxd.
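The two verification paths the PR contrasts, as an added example that is not part of the PR or Doppler's install script. It builds a throwaway signing key in a temporary GNUPGHOME, exports only the public key to a standalone keyring file (what an installer would ship or fetch alongside the binary), signs a constructed stand-in for the downloaded binary, and checks that gpgv accepts the untouched file and rejects a tampered one. The `verify_with_gpg` form is the pre-PR invocation, kept only for comparison; every path, user ID and file name below is constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not Doppler's code): detached-signature verification with an
# explicitly pinned public key, the old way (gpg) and the new way (gpgv).
set -eu

# Pre-PR approach. gpg reads common.conf, so with use-keyboxd enabled the
# --keyring file is ignored and verification fails even with a good signature.
verify_with_gpg() {
    keyring=$1; sig=$2; file=$3
    gpg --no-default-keyring --keyring "$keyring" --verify "$sig" "$file" >/dev/null 2>&1
}

# Post-PR approach. gpgv has no keyboxd code path and consults only the
# keyrings named on its command line, so the pinned key is always the one used.
verify_with_gpgv() {
    keyring=$1; sig=$2; file=$3
    gpgv --keyring "$keyring" "$sig" "$file" >/dev/null 2>&1
}

# Prepare a constructed scenario inside $1: a fresh key, a public-key-only
# keyring, a fake "binary" and its detached signature. Nothing touches the
# caller's real ~/.gnupg because GNUPGHOME is redirected for every gpg call.
setup_demo() {
    demo_dir=$1
    export GNUPGHOME="$demo_dir/gnupg"
    mkdir -m 700 "$GNUPGHOME"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'demo signer <demo@example.invalid>' default default never 2>/dev/null
    # Only the public half goes into the keyring the verifier will trust.
    gpg --batch --quiet --export 'demo@example.invalid' > "$demo_dir/pubkey.gpg"
    printf 'constructed stand-in for the downloaded CLI binary\n' > "$demo_dir/doppler"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --detach-sign --output "$demo_dir/doppler.sig" "$demo_dir/doppler"
}

# Stop the agent started for the temporary home before removing it.
cleanup_demo() {
    gpgconf --homedir "$1/gnupg" --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$1"
}

main() {
    if ! command -v gpg >/dev/null 2>&1 || ! command -v gpgv >/dev/null 2>&1; then
        echo "gpg and gpgv are required for the demonstration" >&2
        return 0
    fi
    d=$(mktemp -d)
    setup_demo "$d"
    if verify_with_gpgv "$d/pubkey.gpg" "$d/doppler.sig" "$d/doppler"; then
        echo "gpgv: good signature on the untouched file"
    fi
    # A single appended byte must invalidate the signature.
    printf 'x' >> "$d/doppler"
    if ! verify_with_gpgv "$d/pubkey.gpg" "$d/doppler.sig" "$d/doppler"; then
        echo "gpgv: tampered file rejected"
    fi
    cleanup_demo "$d"
}

[ -n "${NO_DEMO:-}" ] || main
```

The keyring passed to gpgv is a plain exported public key block, so no keybox or trust database is involved; that is the property that makes the install path independent of the user's `common.conf`.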