cassidyjames
commented
3 years ago @danrabbit should we be using GitHub secrets to store this key instead of including it directly in source code?
Closed danirabbit closed 3 years ago
cassidyjames
commented
3 years ago @danrabbit should we be using GitHub secrets to store this key instead of including it directly in source code?
danirabbit
commented
3 years ago @cassidyjames it's ultimately a plain text file on the user's system, so it's never going to really be secret. But also, the source is pulled into launchpad for the actual build, so there's no way to use GitHub Secrets for that
davidmhewitt
commented
3 years ago @cassidyjames No, because launchpad can't access GitHub secrets when it builds the package.
Also, I think there's some deb package hackery you have to do to get a package to override a different package's config files. We were previously carrying this key in os patches for that reason.
danirabbit
commented
3 years ago @davidmhewitt I thought we were carrying a patch because it wasn't actually configurable until a recent release? It looks like the config was added late 2019 so that wouldn't have been available in the Bionic version
davidmhewitt
commented
3 years ago https://github.com/elementary/os-patches/commit/cad478197172cd4cdd03b5cf882ae57a8426f615
And then that commit got reverted when that key expired and it stopped working.
Either way, geoclue ships that config file, and overriding it with a different package is weird and complicated afaik.
Adds a geoclue conf with our fancy new MLS key