fix(ci): fetch minisign static binary (not in bullseye apt); bump alpha.7
alpha.6 signing failed: 'E: Unable to locate package minisign' — minisign isn't packaged for node:20-bullseye. Download the official static linux binary instead. Forward to alpha.7 (alpha.6 published nothing). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Vantz Stockwell
@@ -75,12 +75,17 @@ jobs:
|
||||
echo "::error::MINISIGN_SECRET_KEY secret is not set — refusing to publish unsigned agent artifacts."
|
||||
exit 1
|
||||
fi
|
||||
apt-get install -y -qq minisign
|
||||
# minisign isn't packaged for bullseye — fetch the official static binary.
|
||||
curl -sSL https://github.com/jedisct1/minisign/releases/download/0.12/minisign-0.12-linux.tar.gz -o /tmp/minisign.tgz
|
||||
tar -xzf /tmp/minisign.tgz -C /tmp
|
||||
MINISIGN="$(find /tmp -type f -name minisign -path '*linux*' | head -1)"
|
||||
chmod +x "$MINISIGN"
|
||||
"$MINISIGN" -v
|
||||
printf '%s\n' "$MINISIGN_SECRET_KEY" > /tmp/sign.key
|
||||
cd corrosion-host-agent/bin
|
||||
# Passwordless key (-W generated); feed empty stdin so it never blocks.
|
||||
for f in corrosion-host-agent-linux-amd64 corrosion-host-agent-windows-amd64.exe checksums.txt; do
|
||||
minisign -S -s /tmp/sign.key -m "$f" -x "$f.minisig" < /dev/null
|
||||
"$MINISIGN" -S -s /tmp/sign.key -m "$f" -x "$f.minisig" < /dev/null
|
||||
done
|
||||
rm -f /tmp/sign.key
|
||||
echo "signed: $(ls *.minisig)"
|
||||
|
||||
Reference in New Issue
Block a user