From 1545553e9b9a151528d023798cca2a9f906a78c0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 5 Jan 2026 19:44:41 +0000 Subject: [PATCH 1/4] Initial plan From 46eee46a16f514019537a7b0e52283d5b9571374 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 5 Jan 2026 19:48:00 +0000 Subject: [PATCH 2/4] Integrate GPG signing for Debian repository Co-authored-by: bqstony <10487253+bqstony@users.noreply.github.com> --- CONTRIBUTING.md | 35 +++++++++++++++++++++++++++++----- azure-pipelines-release.yml | 31 ++++++++++++++++++++++++++++-- docs/reference/installation.md | 10 +++++++--- 3 files changed, 66 insertions(+), 10 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ca9448c..f534a4c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -57,19 +57,44 @@ aptly repo create -config=aptly.conf -component=main -distribution=stable log4tc # add deb packages to the repository aptly repo add -config=aptly.conf log4tc *.deb -# publish the repository to a local directory -aptly publish repo -config=aptly.conf -architectures="amd64,arm64" -skip-signing log4tc +# Generate GPG key for signing (one-time setup) +cat >gpg-batch < /root/.aptly/public/log4tc-archive-keyring.gpg + +# Get the GPG key ID +export GPG_KEY_ID=$(gpg --list-keys --with-colons packages@log4tc.mbc-engineering.com | grep '^pub' | cut -d':' -f5) + +# publish the repository to a local directory with GPG signing +aptly publish repo -config=aptly.conf -architectures="amd64,arm64" -gpg-key="$GPG_KEY_ID" log4tc # The contents of the public directory can then be copied to the gh-pages branch of the github repository cp -r /root/.aptly/public/* /tmp/deb/ -# Now you can add following line to apt /etc/apt/sources.list.d/log4tc.list: -# deb https://mbc-engineering.github.io/log4TC/deb/ stable main +# To use the repository, first download and install the GPG key: +# wget -qO- https://mbc-engineering.github.io/log4TC/deb/log4tc-archive-keyring.gpg | sudo tee /etc/apt/trusted.gpg.d/log4tc-archive-keyring.gpg > /dev/null + +# Then add the repository to apt /etc/apt/sources.list.d/log4tc.list: +# deb [signed-by=/etc/apt/trusted.gpg.d/log4tc-archive-keyring.gpg] https://mbc-engineering.github.io/log4TC/deb/ stable main # or in the new format /etc/apt/sources.list.d/log4tc.sources: # Types: deb # URIs: https://mbc-engineering.github.io/log4TC/deb # Suites: stable # Components: main -# Trusted: yes +# Signed-By: /etc/apt/trusted.gpg.d/log4tc-archive-keyring.gpg ``` diff --git a/azure-pipelines-release.yml b/azure-pipelines-release.yml index 718336f..a0d5572 100644 --- a/azure-pipelines-release.yml +++ b/azure-pipelines-release.yml @@ -226,12 +226,39 @@ stages: echo 'Install aptly' sudo apt-get install -qq -y aptly gnupg + echo 'Generate GPG key for signing the repository' + cat >gpg-batch < repo/public/log4tc-archive-keyring.gpg + + echo 'Configure GPG key for aptly' + export GPG_KEY_ID=$(gpg --list-keys --with-colons packages@log4tc.mbc-engineering.com | grep '^pub' | cut -d':' -f5) + echo "Using GPG Key ID: $GPG_KEY_ID" + echo 'add deb packages to the repository' aptly repo add -config=aptly.conf log4tc $(Pipeline.Workspace)/log4TC-deb/*.deb - echo 'publish the repository to a local directory' - aptly publish repo -config=aptly.conf -architectures="amd64,arm64" -skip-signing log4tc + echo 'publish the repository to a local directory with GPG signing' + aptly publish repo -config=aptly.conf -architectures="amd64,arm64" -gpg-key="$GPG_KEY_ID" log4tc + echo 'Ensure public key is in the published directory' + cp repo/public/log4tc-archive-keyring.gpg repo/public/dists/stable/ + echo 'The contents of the public directory can then be copied to the staging area' cp -r repo/public/ $(Build.ArtifactStagingDirectory)/deb/ displayName: 'update deb repository with aptly to staging area' diff --git a/docs/reference/installation.md b/docs/reference/installation.md index 38ac74c..e28b142 100644 --- a/docs/reference/installation.md +++ b/docs/reference/installation.md @@ -74,9 +74,14 @@ Starten sie das setup erneut mit der Kommandozeile ausgeführt als Administrator 1. Hinzufügen des log4TC sources in apt sources listen: +Zuerst den GPG-Schlüssel herunterladen und installieren: +```bash +wget -qO- https://mbc-engineering.github.io/log4TC/deb/log4tc-archive-keyring.gpg | sudo tee /etc/apt/trusted.gpg.d/log4tc-archive-keyring.gpg > /dev/null +``` + **Legacy list format** `/etc/apt/sources.list.d/log4tc.list`: ```bash -deb https://mbc-engineering.github.io/log4TC/deb stable main +deb [signed-by=/etc/apt/trusted.gpg.d/log4tc-archive-keyring.gpg] https://mbc-engineering.github.io/log4TC/deb stable main ``` **New format** `/etc/apt/sources.list.d/log4tc.sources`: @@ -85,8 +90,7 @@ Types: deb URIs: https://mbc-engineering.github.io/log4TC/deb Suites: stable Components: main -# there is no GPG key available, so we mark the repository as trusted -Trusted: yes +Signed-By: /etc/apt/trusted.gpg.d/log4tc-archive-keyring.gpg ``` 2. Aktualisieren der apt package listen: From 44e57f0104e0e1a7efc25c4e550475dd7f051a05 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 5 Jan 2026 19:49:18 +0000 Subject: [PATCH 3/4] Fix directory creation order for GPG key export Co-authored-by: bqstony <10487253+bqstony@users.noreply.github.com> --- CONTRIBUTING.md | 7 ++++--- azure-pipelines-release.yml | 9 +++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f534a4c..6ec5e60 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -73,15 +73,16 @@ Expire-Date: 0 EOF gpg --batch --generate-key gpg-batch -# Export the public key -gpg --armor --export packages@log4tc.mbc-engineering.com > /root/.aptly/public/log4tc-archive-keyring.gpg - # Get the GPG key ID export GPG_KEY_ID=$(gpg --list-keys --with-colons packages@log4tc.mbc-engineering.com | grep '^pub' | cut -d':' -f5) # publish the repository to a local directory with GPG signing aptly publish repo -config=aptly.conf -architectures="amd64,arm64" -gpg-key="$GPG_KEY_ID" log4tc +# Export the public key after publishing +mkdir -p /root/.aptly/public +gpg --armor --export packages@log4tc.mbc-engineering.com > /root/.aptly/public/log4tc-archive-keyring.gpg + # The contents of the public directory can then be copied to the gh-pages branch of the github repository cp -r /root/.aptly/public/* /tmp/deb/ diff --git a/azure-pipelines-release.yml b/azure-pipelines-release.yml index a0d5572..fe7e8ff 100644 --- a/azure-pipelines-release.yml +++ b/azure-pipelines-release.yml @@ -243,9 +243,6 @@ stages: gpg --batch --generate-key gpg-batch - echo 'Export public key for distribution' - gpg --armor --export packages@log4tc.mbc-engineering.com > repo/public/log4tc-archive-keyring.gpg - echo 'Configure GPG key for aptly' export GPG_KEY_ID=$(gpg --list-keys --with-colons packages@log4tc.mbc-engineering.com | grep '^pub' | cut -d':' -f5) echo "Using GPG Key ID: $GPG_KEY_ID" @@ -256,7 +253,11 @@ stages: echo 'publish the repository to a local directory with GPG signing' aptly publish repo -config=aptly.conf -architectures="amd64,arm64" -gpg-key="$GPG_KEY_ID" log4tc - echo 'Ensure public key is in the published directory' + echo 'Export public key for distribution' + mkdir -p repo/public + gpg --armor --export packages@log4tc.mbc-engineering.com > repo/public/log4tc-archive-keyring.gpg + + echo 'Copy public key to the published directory for easy access' cp repo/public/log4tc-archive-keyring.gpg repo/public/dists/stable/ echo 'The contents of the public directory can then be copied to the staging area' From 3eac8a8b9fdb0b6f40baa06291ede5845fbc5d8c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 5 Jan 2026 19:50:14 +0000 Subject: [PATCH 4/4] Use consistent path for GPG key export in CONTRIBUTING.md Co-authored-by: bqstony <10487253+bqstony@users.noreply.github.com> --- CONTRIBUTING.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6ec5e60..16aef1a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -79,12 +79,15 @@ export GPG_KEY_ID=$(gpg --list-keys --with-colons packages@log4tc.mbc-engineerin # publish the repository to a local directory with GPG signing aptly publish repo -config=aptly.conf -architectures="amd64,arm64" -gpg-key="$GPG_KEY_ID" log4tc -# Export the public key after publishing -mkdir -p /root/.aptly/public -gpg --armor --export packages@log4tc.mbc-engineering.com > /root/.aptly/public/log4tc-archive-keyring.gpg +# Export the public key for distribution +mkdir -p repo/public +gpg --armor --export packages@log4tc.mbc-engineering.com > repo/public/log4tc-archive-keyring.gpg + +# Copy public key to the published directory for easy access +cp repo/public/log4tc-archive-keyring.gpg repo/public/dists/stable/ # The contents of the public directory can then be copied to the gh-pages branch of the github repository -cp -r /root/.aptly/public/* /tmp/deb/ +cp -r repo/public/* /tmp/deb/ # To use the repository, first download and install the GPG key: # wget -qO- https://mbc-engineering.github.io/log4TC/deb/log4tc-archive-keyring.gpg | sudo tee /etc/apt/trusted.gpg.d/log4tc-archive-keyring.gpg > /dev/null