Closed valpackett closed 1 year ago
Interesting! It looks like 2.10.0 was released in December, so I'm surprised we haven't had this reported before now.
The primary issue here is the repo route doesn't support .sig
files: https://github.com/clojars/clojars-web/blob/main/src/clojars/routes/repo.clj#L516
They may also need to be exlcuded from checksum validation here: https://github.com/clojars/clojars-web/blob/main/src/clojars/routes/repo.clj#L265
And this function should probably be extended to check for them in addition to .asc
files: https://github.com/clojars/clojars-web/blob/main/src/clojars/routes/repo.clj#L276
I'd be happy to accept a PR for this; it may be a bit before I can get to it myself.
SSH signing support has been implemented and released.
leiningen 2.10.0 has introduced support for making SSH signatures instead of PGP ones, however trying to deploy to clojars when using them results in 400 errors:
So evidently some work is required to support these…