Jean-Luc Makiola
e5be5f1ae5
All checks were successful
CI / ci (push) Successful in 5m17s
The F-Droid repo signing key (keystore.p12) and its config.yml — including the keystore passwords in cleartext — were publicly downloadable at apps.dev.jeanlucmakiola.de/dev/fdroid/ because the release workflow uploaded the entire fdroid/ working dir into the web-served path. The webserver has since been locked down to repo/ only; this rotates the now-compromised key and removes the root cause. - release.yaml: restore the repo key + config from new CI secrets (FDROID_KEYSTORE_BASE64, FDROID_CONFIG_BASE64) instead of the box; upload ONLY repo/ so the key never re-enters the served tree. - release.yaml: fail loudly when the repo key secrets are unset, replacing `fdroid update --create-key`, which silently minted a NEW repo key on a wiped server and would have broken every user's pinned fingerprint. - README: publish the new repo fingerprint (C2C0…3425). Existing users must remove and re-add the repo. - .gitignore: ignore *.p12 and the whole /fdroid/ working dir. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
11 KiB
11 KiB