search

krobertson / deb-s3

Easily create and manage an APT repository on S3 -- NO LONGER MAINTAINED
MIT License
482 stars 148 forks source link

--sign does not sign release file, Only adds Release.gpg & Release #125

Closed russmac closed 6 years ago

russmac commented 7 years ago

Update I've figured this out and will log a PR shortly.

deb-s3 (0.9.1)

When using 

deb-s3 upload \
    --visibility private \
    --preserve-versions \
    --gpg-options "\-\-passphrase ${GPG_PASSPHRASE}" \
    --sign "${GPG_KEY_ID}" \
    --bucket "${BUCKET}" \
    --arch "${ARCH}" \
    --codename ${DISTRO} \
    --component main \
    "${1}"

Everything works as expected, the files upload, Release.gpg is created however a signed Release file as InRelease is not generated breaking apt-secure without using allow unauthenticated setting.

Output

>> Retrieving existing manifests
>> Examining package file redacted.deb
>> Uploading packages and new manifests to S3
   -- Transferring pool/r/re/redacted.deb
   -- Transferring dists/stretch/main/binary-amd64/Packages
   -- Transferring dists/stretch/main/binary-amd64/Packages.gz
   -- Transferring dists/stretch/main/binary-i386/Packages
   -- Transferring dists/stretch/main/binary-i386/Packages.gz
   -- Transferring dists/stretch/main/binary-armhf/Packages
   -- Transferring dists/stretch/main/binary-armhf/Packages.gz
   -- Transferring dists/stretch/Release

You need a passphrase to unlock the secret key for
user: "Reda Cted <redacted>"
4096-bit RSA key, ID 00000000, created 20RR-RR-RR

   -- Transferring dists/stretch/Release.gpg
>> Update complete.
russmac commented 7 years ago

Fixed in: https://github.com/krobertson/deb-s3/pull/126