'signingkey' key defaults don't work right on systems not exactly matching desired target
On a system running without firmware, installing to a system that desires firmware:
2023-09-23T06:20:06.967 log internal:0: info: signingkey: trusting packages@pleroma.apkfission.net-5ac0b300.rsa.pub for APK signing
2023-09-23T06:20:06.968 log internal:0: error: signingkey: could not copy key to target: No such file or directory
2023-09-23T06:20:06.968 log signingkey: error: The HorizonScript failed to execute: Check the log file for more details.
2023-09-23T06:20:06.968 log internal: error: Script failed. Stop.
Similarly, when signingkey
isn't specified, and the system is running current
:
2023-09-23T06:19:28.259 log internal:0: info: signingkey: trusting packages@adelielinux.org.pub for APK signing
2023-09-23T06:19:28.260 log internal:0: error: signingkey: could not copy key to target: No such file or directory
For the very-near term, this can probably wait, but the way forward I see is:
- Near-Term: Ship a set of trusted keys with Horizon. This would make sure users, no matter what Adélie version (or alternative distro) they use, can run Horizon.
-
Medium-Term: Identify how to distribute keys alongside official versions. (Perhaps the
adelie-keys
package?) - Long-Term: Some kind of key distribution service that can be cryptographically verified.