Files
punktfunk/docs-site/content/docs
enricobuehler 2aa012e1b1 feat(rpm): enable gpgcheck=1 — packages are signed + verified
The signing rollout is confirmed end to end: the latest published RPM (0.2.0-0.ci1089) carries
a header GPG signature (added by `rpm --addsign`) and passed the in-CI `rpmkeys --checksig`
self-verify before publishing (a bad/unsigned build fails that gate and never reaches the
registry). So flip every .repo snippet from gpgcheck=0 to gpgcheck=1 and add the package-signing
public key (served from the generic registry, committed at packaging/rpm/RPM-GPG-KEY-punktfunk) to
gpgkey= alongside the Gitea metadata key — dnf/rpm-ostree imports both. Covers rpm/README,
packaging/README, the bootc Containerfile, and the docs-site bazzite/fedora-kde install pages;
rpm/README's signing section reframed from "dormant/enabling" to active (+ key-rotation notes).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 15:23:57 +00:00
..