diff --git a/.gitea/workflows/build-host-agent.yml b/.gitea/workflows/build-host-agent.yml index 4cfc3a4..3a7bdeb 100644 --- a/.gitea/workflows/build-host-agent.yml +++ b/.gitea/workflows/build-host-agent.yml @@ -81,7 +81,21 @@ jobs: MINISIGN="$(find /tmp -type f -name minisign -path '*linux*' | head -1)" chmod +x "$MINISIGN" "$MINISIGN" -v - printf '%s\n' "$MINISIGN_SECRET_KEY" > /tmp/sign.key + # A minisign secret key file is TWO lines (comment + base64 blob). CI + # secret storage mangles embedded newlines, collapsing it to one line + # so minisign can't load it. Preferred form: store the secret + # base64-encoded (single line) — we decode it here. Auto-detect so a + # correctly-stored raw two-line key still works. + if printf '%s' "$MINISIGN_SECRET_KEY" | base64 -d 2>/dev/null | head -1 | grep -q "untrusted comment:"; then + printf '%s' "$MINISIGN_SECRET_KEY" | base64 -d > /tmp/sign.key + else + printf '%s\n' "$MINISIGN_SECRET_KEY" > /tmp/sign.key + fi + if ! head -1 /tmp/sign.key | grep -q "untrusted comment:"; then + echo "::error::MINISIGN_SECRET_KEY is neither base64 of a minisign key nor a raw two-line key file. Store it as: base64 < your-secret.key | tr -d '\n'" + rm -f /tmp/sign.key + exit 1 + fi cd corrosion-host-agent/bin # Passwordless key (-W generated); feed empty stdin so it never blocks. for f in corrosion-host-agent-linux-amd64 corrosion-host-agent-windows-amd64.exe checksums.txt; do diff --git a/corrosion-host-agent/Cargo.lock b/corrosion-host-agent/Cargo.lock index ae2c593..6180f9b 100644 --- a/corrosion-host-agent/Cargo.lock +++ b/corrosion-host-agent/Cargo.lock @@ -276,7 +276,7 @@ checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" [[package]] name = "corrosion-host-agent" -version = "2.0.0-alpha.6" +version = "2.0.0-alpha.8" dependencies = [ "anyhow", "async-nats", diff --git a/corrosion-host-agent/Cargo.toml b/corrosion-host-agent/Cargo.toml index 8f6d71b..2eaea17 100644 --- a/corrosion-host-agent/Cargo.toml +++ b/corrosion-host-agent/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "corrosion-host-agent" -version = "2.0.0-alpha.7" +version = "2.0.0-alpha.8" edition = "2021" description = "Corrosion Host Agent — multi-game ops runtime for self-hosted game servers" license = "UNLICENSED"