docs(install): clarify the signing-key comment now that it's the real key
The old comment implied the key was still a REPLACE_ME placeholder. Reword to describe current behaviour (signature required for release installs) plus how to rotate the key.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
parent a2dd26b469
commit 5929ecb4c4
@ -24,10 +24,11 @@ SYSTEM_DIR="" ; CONTAINERS_DIR="" ; BACKUPS_DIR="" ; MANAGER_USER="" ; ALLOW_HOM
|
|||||||
DRY_RUN=0
|
DRY_RUN=0
|
||||||
NO_VERIFY_SIG=0
|
NO_VERIFY_SIG=0
|
||||||
|
|
||||||
# minisign public key. Keep the SECRET key offline. Once you run `minisign -G`,
|
# LibrePortal release-signing public key (minisign); the SECRET half is held
|
||||||
# paste the public key here AND into libreportal.pub. While it contains REPLACE_ME,
|
# offline by the maintainer. A valid tarball signature is REQUIRED for release
|
||||||
# signature verification is skipped (the sha256 still runs); once replaced, a valid
|
# installs (the sha256 is always checked too). To rotate: generate a new keypair
|
||||||
# signature becomes REQUIRED for release installs.
|
# (`minisign -G`) and replace this constant AND libreportal.pub. A value
|
||||||
|
# containing REPLACE_ME disables the signature check (placeholder / dev only).
|
||||||
LP_MINISIGN_PUBKEY="RWRBf8o+a1KSvF08fA3oKrVz/71D60YeF4GO66ntVeJvzAkI57sjgM1S"
|
LP_MINISIGN_PUBKEY="RWRBf8o+a1KSvF08fA3oKrVz/71D60YeF4GO66ntVeJvzAkI57sjgM1S"
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
|
|||||||
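Review bot: the last added comment line ("A value containing REPLACE_ME disables the signature check (placeholder / dev only)") documents a fail-open path right next to the statement that a signature is REQUIRED for release installs, and the comment gives no hint that the installer warns when it takes that path. Now that LP_MINISIGN_PUBKEY holds the real key, consider making a placeholder value a hard error for release installs and leaving NO_VERIFY_SIG, already present in the context lines, as the only explicit way to skip verification; at minimum the comment should say whether a skipped check is reported to the user. The rotation sentence also asks for the key to be replaced in two places (this constant AND libreportal.pub) without saying which copy the installer actually verifies against or what happens if they differ, so a note on that, or a check that the two match, would keep a half-finished rotation from going unnoticed.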