azcomputerguru/guru-connect
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

fix: use jsign 7.1 for Azure Trusted Signing
All checks were successful
Build and Test / Build Agent (Windows) (push) Successful in 5m4s
Details
Build and Test / Build Server (Linux) (push) Successful in 8m38s
Details
Build and Test / Security Audit (push) Successful in 4m14s
Details
Build and Test / Build Summary (push) Successful in 18s
Details

Browse Source 
jsign 6.0 lacks the TRUSTEDSIGNING keystore type (only AZUREKEYVAULT); Azure Trusted
Signing support requires jsign >= 7.0. 7.1 matches /usr/share/jsign on the build host.
Fixes the release sign-and-publish step.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Mike Swanson
2026-05-29 11:05:09 -07:00
parent 520569937c
commit e7f38ce2a0
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitea/workflows/release.yml
View File

@@ -407,7 +407,9 @@ jobs:
set -euo pipefail
sudo apt-get update
sudo apt-get install -y default-jre-headless
JSIGN_VERSION="6.0"
# jsign >= 7.0 is required for the TRUSTEDSIGNING (Azure Trusted Signing) storetype;
# 6.0 only supports AZUREKEYVAULT. 7.1 matches the version on the build host.
JSIGN_VERSION="7.1"
curl -fsSL "https://github.com/ebourg/jsign/releases/download/${JSIGN_VERSION}/jsign-${JSIGN_VERSION}.jar" \
-o /tmp/jsign.jar
echo "[OK] Installed JRE and jsign ${JSIGN_VERSION}"