Closed dig412 closed 5 years ago
esell
commented
5 years ago hey @dig412, thanks for another PR! let me try and grok this (i'm sort of a n00b as well) and get back to you. i certainly see the benefit of this and it could make it more of a production type app.
esell
commented
5 years ago @dig412, i added some questions/suggestions so let me know what you think. most of them are simple things, nothing major.
dig412
commented
5 years ago Thanks @esell, I've pushed another commit that fixes the err / log / fmt changes you suggested.
esell
commented
5 years ago @dig412, seriously, thanks a ton for submitting this PR. I just merged it so hopefully others will be able to use these new features :)
dig412
commented
5 years ago You're welcome - thanks for writing this really useful bit of software. I'm glad to be able to give back.
esell
commented
5 years ago eek, looks like the test broke, i'll take a look and see if i can track it down...
This PR adds support for generating and signing the Releases file using a GPG key.
I wrote this because:
aptcomplains about pulling from unsigned repositories, and will refuse to do so unless you addtrusted=yesto the sources file. Not a major hardship, but hey.openpgplibrary does all the heavy lifting.I've added easy key generation to the CLI as I dislike faffing around with GPG keyrings. Signing is configurable via
conf.json, and if it's disabled the Releases file won't be created.This adds a fair bit more code and a large-ish dependency, so I understand if you don't want to merge it to mainline in order to keep things simple.