-
When building APK packages, I get an error that is not very clear. When I build DEB and RPM, I do not get an error and the output files seem correct. My config: name: "foo"
arch: "amd64"
platform: "linux"
version: "v1.0.0"
section: "default"
priority: "extra"
maintainer: "John Doe <john@example.com>"
description: |
FooBar is the great foo and bar software.
And this can be in multiple lines!
vendor: "FooBarCorp"
homepage: "http://example.com"
license: "MIT"
contents:
- src: ./nfpm
dst: /usr/local/bin/foo
rpm:
signature:
key_file: ./gpg.key
deb:
signature:
key_file: ./gpg.key
apk:
signature:
key_file: ./gpg.key I am building nfpm with the following commands cd cmd/nfpm
go build
/nfpm pkg --packager rpm --target ./
/nfpm pkg --packager deb --target ./
/nfpm pkg --packager apk --target ./ The RPM and DEB packages are built and signed without issue. The APK package gives the following error:
After doing some digging, I have determined the RSASignSHA1Digest function in rsa.go is the source of the error. I updated the returned error to verify this:
gpg.key does exist in the working directory, and is perfectly functional with rpm and deb. I noticed that this function does not seem to be called with RPM and DEB builds. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
APK packages are not signed with GPG, but with RSA keys. |
Beta Was this translation helpful? Give feedback.
APK packages are not signed with GPG, but with RSA keys.
https://nfpm.goreleaser.com/configuration/?h=rsa