bdhess
commented
2 years ago Thanks very much for the report. We've reproduced the issue -- it isn't intentional, and we're working on a fix to restore compatibility with the v1.0 library release.
Closed chris-allan closed 2 years ago
bdhess
commented
2 years ago Thanks very much for the report. We've reproduced the issue -- it isn't intentional, and we're working on a fix to restore compatibility with the v1.0 library release.
chris-allan
commented
2 years ago Thanks, @bdhess. Let us know if there's anything we can do to help.
bdhess
commented
2 years ago Compatibility has been restored, globally. Thanks again for raising this issue.
We've been using version 1.0 of this package with GitHub Actions (on Ubuntu 20.04) quite happily for several months to sign artifacts using a signing key in a Google KMS HSM. Recently, our builds started failing with errors like this:
Upgrading to 1.1 fixed the problem.
I didn't notice anything in particular in the release notes that jumped out as the reason beyond "Several internal dependencies were updated." Is it safe to say that 1.1 is now a requirement across the board and we should update all our code signing repositories accordingly or is there something else potentially afoot that would be useful for us to help debug?