mirror of
https://github.com/archr-linux/Arch-R.git
synced 2026-07-12 18:19:42 -07:00
archr-keyring: ship the production ArchR master public key
Master generated 2026-06-23 offline (ed25519 cert-only with ed25519 sign subkey expiring 2028-06-23). Private master lives on encrypted cold storage; the signer subkey is on the build workstation only. Revocation certificate kept offline in two physical locations. Fingerprint: 0CB282379EBB394EF380AEB98A762D5706C602A1 archr.gpg is the binary public keyring that pacman-key --populate archr walks; archr-trusted gives the master full ownertrust (level 4) so packages signed by its subkey are accepted; archr-revoked stays empty until a key is actually revoked. archr-keyring/package.mk already auto-detects these files (instead of the empty placeholders it shipped before) and includes them in the image. With the keyring populated, the next gen-pacman-repo run with SIGNER set will produce a properly signed archr.db and per-package .sig files that ArchR clients can verify. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1 @@
|
||||
0CB282379EBB394EF380AEB98A762D5706C602A1:4:
|
||||
Binary file not shown.
Reference in New Issue
Block a user