File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -464,22 +464,31 @@ jobs:
464464 run : |
465465 set -euxo pipefail
466466
467- sudo apt-get update
468- sudo apt-get install -y --no-install-recommends minisign
469-
470467 cd dist
471468
469+ # Install minisign (static Linux binary) without apt
470+ MS_VER="0.11"
471+ curl -fL --retry 10 --retry-delay 2 \
472+ -o minisign-linux.tar.gz \
473+ "https://github.com/jedisct1/minisign/releases/download/${MS_VER}/minisign-${MS_VER}-linux.tar.gz"
474+
475+ tar -xzf minisign-linux.tar.gz
476+ chmod +x minisign-linux/x86_64/minisign
477+ MS="./minisign-linux/x86_64/minisign"
478+
479+ # Decode private key (base64) to a temp file
472480 keyfile="$(mktemp)"
473481 chmod 600 "$keyfile"
474482 printf "%s" "$MINISIGN_PRIVATE_KEY_B64" | base64 -d > "$keyfile"
475483 test -s "$keyfile"
476484
485+ # Sign only release assets (not .sha256 / not existing .minisig)
477486 for f in vix-*.tar.gz vix-*.zip; do
478487 [ -f "$f" ] || continue
479488 if [ -n "${MINISIGN_PASSWORD:-}" ]; then
480- printf "%s" "$MINISIGN_PASSWORD" | minisign -S -s "$keyfile" -m "$f"
489+ printf "%s" "$MINISIGN_PASSWORD" | "$MS" -S -s "$keyfile" -m "$f"
481490 else
482- minisign -S -s "$keyfile" -m "$f"
491+ "$MS" -S -s "$keyfile" -m "$f"
483492 fi
484493 done
485494
You can’t perform that action at this time.
0 commit comments