feat(rpm): add the package-signing public key (activates the dormant signing)

The dedicated EdDSA signing key (AF245C506F4E4763, "punktfunk packages <packages@unom.io>")
whose private half is now the RPM_GPG_PRIVATE_KEY CI secret. Committing the public half so
clients can fetch it (raw URL) for gpgcheck=1. This push triggers a rpm.yml run that signs
0.2.0~ciN via packaging/rpm/sign-rpms.sh (no longer a no-op); the gpgcheck=1 flip follows once
that signed build is confirmed published.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-15 13:01:24 +00:00
parent 159f6bff5b
commit 7ce396fe2e
+9
View File
@@ -0,0 +1,9 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEai/2eRYJKwYBBAHaRw8BAQdAFxLGvh8wvzES9ylmxT4gy1i58EituotPyZwt
z+y9rbC0JXB1bmt0ZnVuayBwYWNrYWdlcyA8cGFja2FnZXNAdW5vbS5pbz6IkAQT
FgoAOBYhBDG6uOY81eoQ6beahK8kXFBvTkdjBQJqL/Z5AhsjBQsJCAcCBhUKCQgL
AgQWAgMBAh4BAheAAAoJEK8kXFBvTkdj1QsBAM0sI/qUzGEbuC2Zrk36QQBrUu/9
sy5uhYGZD6lMJ4uZAQC7W81H2gHlTDTA2Nq35HKW9IOU+Ll2c9fqa7fAIKf9Bg==
=e4Az
-----END PGP PUBLIC KEY BLOCK-----