Closed dig412 closed 5 years ago
hey @dig412, thanks for another PR! let me try and grok this (i'm sort of a n00b as well) and get back to you. i certainly see the benefit of this and it could make it more of a production type app.
@dig412, i added some questions/suggestions so let me know what you think. most of them are simple things, nothing major.
Thanks @esell, I've pushed another commit that fixes the err
/ log
/ fmt
changes you suggested.
@dig412, seriously, thanks a ton for submitting this PR. I just merged it so hopefully others will be able to use these new features :)
You're welcome - thanks for writing this really useful bit of software. I'm glad to be able to give back.
eek, looks like the test broke, i'll take a look and see if i can track it down...
This PR adds support for generating and signing the Releases file using a GPG key.
I wrote this because:
apt
complains about pulling from unsigned repositories, and will refuse to do so unless you addtrusted=yes
to the sources file. Not a major hardship, but hey.openpgp
library does all the heavy lifting.I've added easy key generation to the CLI as I dislike faffing around with GPG keyrings. Signing is configurable via
conf.json
, and if it's disabled the Releases file won't be created.This adds a fair bit more code and a large-ish dependency, so I understand if you don't want to merge it to mainline in order to keep things simple.