From 5929ecb4c46250275de632c8b649b730bd9ae6fd Mon Sep 17 00:00:00 2001 From: librelad Date: Thu, 28 May 2026 20:22:04 +0100 Subject: [PATCH] docs(install): clarify the signing-key comment now that it's the real key The old comment implied the key was still a REPLACE_ME placeholder. Reword to describe current behaviour (signature required for release installs) plus how to rotate the key. Co-Authored-By: Claude Opus 4.7 Signed-off-by: librelad --- install.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/install.sh b/install.sh index 8913f5e..a7f6abc 100644 --- a/install.sh +++ b/install.sh @@ -24,10 +24,11 @@ SYSTEM_DIR="" ; CONTAINERS_DIR="" ; BACKUPS_DIR="" ; MANAGER_USER="" ; ALLOW_HOM DRY_RUN=0 NO_VERIFY_SIG=0 -# minisign public key. Keep the SECRET key offline. Once you run `minisign -G`, -# paste the public key here AND into libreportal.pub. While it contains REPLACE_ME, -# signature verification is skipped (the sha256 still runs); once replaced, a valid -# signature becomes REQUIRED for release installs. +# LibrePortal release-signing public key (minisign); the SECRET half is held +# offline by the maintainer. A valid tarball signature is REQUIRED for release +# installs (the sha256 is always checked too). To rotate: generate a new keypair +# (`minisign -G`) and replace this constant AND libreportal.pub. A value +# containing REPLACE_ME disables the signature check (placeholder / dev only). LP_MINISIGN_PUBKEY="RWRBf8o+a1KSvF08fA3oKrVz/71D60YeF4GO66ntVeJvzAkI57sjgM1S" usage() {