`InRelease` file: support `Signed-By` field

mirror of https://github.com/aptly-dev/aptly.git synced 2026-06-06 05:30:57 +00:00

https://wiki.debian.org/DebianRepository/Format#Signed-By says:
> **Signed-By**
> An optional field containing a comma separated list of
> OpenPGP key fingerprints to be used for validating
> the next Release file. The fingerprints must consist
> only of hex digits and may not contain spaces.
> The fingerprint specifies either the key the Release file
> must be signed with or the key the signature key must be
> a subkey of. The later match can be disabled by appending
> an exclamation mark to the fingerprint.
>
> If the field is present, a client should only accept future updates
> to the repository that are signed with keys listed in the field.
> The field should be ignored if the Valid-Until field is not present
> or if it is expired.

For both the CLI tools and JSON, the field is taken as a string verbatim.

When specified, we must also provide `Valid-Until` field,
and i'm not sure there is an 'infinity' value for it,
so 100 years will have to do?

Fixes https://github.com/aptly-dev/aptly/issues/1497

This commit is contained in:

Roman Lebedev

2025-12-29 23:15:40 +03:00

parent 836d9f3b8b

commit a4cc9211d6

25 changed files with 569 additions and 5 deletions

									
										deb/format.go
									
		+3
		
												View File
												
				@@ -26,8 +26,11 @@ var (

						"Version",

						"Codename",

						"Date",

						"Valid-Until",

						"NotAutomatic",

						"ButAutomaticUpgrades",

						"Acquire-By-Hash",

						"Signed-By",

						"Architectures",

						"Architecture",

						"Components",

InRelease file: support Signed-By field

`InRelease` file: support `Signed-By` field