feat(signing): wire the production loran-pages publisher key #2
Open
UnbreakableMJ wants to merge 4 commits into
Swap PUBLISHER_PUBLIC_KEY in loran-core::pipeline from the development placeholder (which aliased signing::tests::TEST_PUBLIC_KEY) to the real loran-pages publisher key, completing the first-launch key swap. The new trust root is intentionally distinct from the test key. The secret half lives in the release vault / the loran-pages repo's MINISIGN_SECRET_KEY Actions secret and is never committed — gitignore the local keypair (loran-pages.key / loran-pages.pub) to keep it that way.
Bundled working-tree changes:
- pipeline.rs / OPERATIONS.md: rewrite the publisher-trust-root docs to describe the production key and mark the §2.4 first-launch swap done; any future change to the constant is now a key rotation, not a placeholder edit.
- categories.toml: add the `audio` (PipeWire/PulseAudio) and `bluetooth` (BlueZ) page categories; regenerate the categories snapshot (both list with 0 pages for now).
- flake.nix: add a Nix flake that builds `-p loran` via rustPlatform.buildRustPackage, with REUSE SPDX headers.
- AMBIGUOUS_REVIEW.md / .cargo/audit.toml: finish the Steelbore -> Spacecraft Software rename follow-through — mark resolved checklist items and fix the stale rename-prompt path / cache-format comment.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: UnbreakableMJ <Mohamed.Hammad@SpacecraftSoftware.org>
The previous commit declared the `audio` and `bluetooth` categories with
no pages. Add four curated pages so they are no longer empty:
- audio/wpctl — WirePlumber/PipeWire native control
- audio/pactl — PulseAudio control-protocol client
(PulseAudio / pipewire-pulse)
- bluetooth/bluetoothctl — BlueZ interactive D-Bus client
- bluetooth/btmgmt — BlueZ management-API client (non-interactive)
Regenerate the categories snapshot (audio/bluetooth now list 2 each) and
the default list snapshot (four new entries). build.rs validates every
bundled page at compile time, so the gate already exercises these.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: UnbreakableMJ <Mohamed.Hammad@SpacecraftSoftware.org>
Add a format check for the optional `tldr_page` frontmatter field to the shared parse pipeline. When set to a non-empty value it must be a lowercase tldr-pages identifier: no whitespace, no uppercase, no path separator, and no `.md` suffix (legitimate names with `+`, `.`, or digits — `g++`, `7z`, `2to3` — still pass). An empty string stays valid: it is the documented "no tldr page" sentinel that disables the lookup.
The check is hermetic — it does not verify the page exists in the tldr corpus (that would need the archive). It flows through `Page::parse`, `OverlayPage::parse` / `merge_overlay`, `build.rs` compile-time bundled-page validation, and `loran validate` (new `INVALID_TLDR_PAGE` code). Adds the `PageError::InvalidTldrPage` variant and unit tests on both the page and overlay paths.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: UnbreakableMJ <Mohamed.Hammad@SpacecraftSoftware.org>
btmgmt has no tldr-pages entry (verified: pages/linux/btmgmt.md and pages/common/btmgmt.md both 404). Set `tldr_page = ""`, the documented "no tldr page" sentinel, so `loran show btmgmt` skips the tldr lookup instead of attempting a `btmgmt` key that always misses. Exercises the empty-sentinel path of the new tldr_page validation.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: UnbreakableMJ <Mohamed.Hammad@SpacecraftSoftware.org>
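The `tldr_page` format rules from the two commit messages above, written out as an added example; this is not code from the pull request or the loran repository. `TldrPageError` and `validate_tldr_page` are hypothetical names, and the order of the checks and the treatment of `\` as a path separator are assumptions.

```rust
// Added illustration; not code from the loran repository.
// `TldrPageError` and `validate_tldr_page` are hypothetical names.
#[derive(Debug, PartialEq)]
pub enum TldrPageError {
    Whitespace,
    Uppercase,
    PathSeparator,
    MdSuffix,
}

/// Format-only (hermetic) check: it never consults the tldr corpus.
pub fn validate_tldr_page(value: &str) -> Result<(), TldrPageError> {
    // The empty string is the documented "no tldr page" sentinel.
    if value.is_empty() {
        return Ok(());
    }
    if value.chars().any(char::is_whitespace) {
        return Err(TldrPageError::Whitespace);
    }
    if value.chars().any(char::is_uppercase) {
        return Err(TldrPageError::Uppercase);
    }
    // Assumption: both '/' and '\' count as path separators.
    if value.contains('/') || value.contains('\\') {
        return Err(TldrPageError::PathSeparator);
    }
    // A file name is not an identifier; dots elsewhere stay legal.
    if value.ends_with(".md") {
        return Err(TldrPageError::MdSuffix);
    }
    Ok(())
}

fn main() {
    // Constructed sample values: the names the commit message lists as
    // legitimate, the btmgmt sentinel case, and one value per rejected rule.
    let samples = ["", "g++", "7z", "2to3", "Git", "git log", "linux/tar", "tar.md"];
    for v in samples {
        println!("{:?} -> {:?}", v, validate_tldr_page(v));
    }
}
```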
Summary
Completes the first-launch publisher-key swap and folds in the remaining
working-tree changes on this branch.
- `loran-core::pipeline::PUBLISHER_PUBLIC_KEY` moves from the development placeholder (which aliased
`signing::tests::TEST_PUBLIC_KEY`) to the real `loran-pages` publisher key. The new trust root is intentionally distinct from the test
key.
- `pipeline.rs` and `OPERATIONS.md` are rewritten to describe the production key and mark the §2.4 first-launch swap done — any future
change to the constant is a key rotation, not a placeholder edit.
in the release vault / the
`loran-pages` repo's `MINISIGN_SECRET_KEY` Actions secret.
- `loran-pages.key` / `loran-pages.pub` are now .gitignored so the secret cannot be committed by accident.
`audio` (PipeWire/PulseAudio) and `bluetooth` (BlueZ); the categories snapshot is regenerated (both list with 0 pages
for now).
- `flake.nix`. A Nix flake that builds `-p loran` via `rustPlatform.buildRustPackage`, with REUSE SPDX headers.
- `AMBIGUOUS_REVIEW.md` / `.cargo/audit.toml` finish the Steelbore → Spacecraft Software cleanup (resolved checklist
items; stale rename-prompt path / cache-format comment fixed).
Verification
Full pre-commit gate (cold build) passes locally:
- `cargo fmt --check` — clean
- `cargo clippy --workspace --all-targets -- -D warnings` — clean
- `cargo test --workspace` — all green
- `cargo xtask check-spdx` — ok (100 files)
Follow-up (out of band, not in this PR)
`loran-pages` secret key in the vault and set `MINISIGN_SECRET_KEY` / `MINISIGN_PASSWORD` in the `loran-pages` repo before the next signed release.
`audio` / `bluetooth` categories have no pages yet.
🤖 Generated with Claude Code
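A release-gate check for the claim that the new trust root is distinct from the test key, added here as an example; it is not code from this pull request or the loran repository. It assumes the pinned constant is a minisign public key string (base64 of `Ed`, an 8-byte key id and a 32-byte Ed25519 key); `check_trust_root`, `parse_minisign_pk` and the sample keys are hypothetical and constructed.

```rust
// Added illustration, not loran code. Assumes a minisign public key string:
// base64("Ed" || 8-byte key id || 32-byte Ed25519 key), 56 characters.
#[derive(Debug, PartialEq)]
pub enum KeyError { BadLength, BadBase64, BadAlgorithm, SameAsTestKey }

// Minimal unpadded base64 decoder (56 chars decode to exactly 42 bytes).
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes() {
        acc = (acc << 6) | T.iter().position(|&t| t == c)? as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Some(out)
}

/// Split a well-formed key into (key id, raw Ed25519 public key).
pub fn parse_minisign_pk(b64: &str) -> Result<([u8; 8], [u8; 32]), KeyError> {
    if b64.len() != 56 { return Err(KeyError::BadLength); }
    let raw = b64_decode(b64).ok_or(KeyError::BadBase64)?;
    if !raw.starts_with(b"Ed") { return Err(KeyError::BadAlgorithm); }
    let (mut id, mut pk) = ([0u8; 8], [0u8; 32]);
    id.copy_from_slice(&raw[2..10]);
    pk.copy_from_slice(&raw[10..42]);
    Ok((id, pk))
}

/// Release gate: the pinned trust root must parse and must not reuse the
/// test key's 32 key bytes, even when it carries a different key id.
pub fn check_trust_root(pinned: &str, test_key: &str) -> Result<[u8; 8], KeyError> {
    let (id, pk) = parse_minisign_pk(pinned)?;
    let (_, test_pk) = parse_minisign_pk(test_key)?;
    if pk == test_pk { return Err(KeyError::SameAsTestKey); }
    Ok(id)
}

fn main() {
    // Constructed placeholder keys, not real ones: "Ed" header, then zero bytes.
    let test_key = format!("RWQA{}", "A".repeat(52));
    let prod_key = format!("RWQA{}B", "A".repeat(51)); // last key byte differs
    let relabeled = format!("RWQB{}", "A".repeat(52)); // same key, new key id
    println!("{:?}", check_trust_root(&prod_key, &test_key));
    println!("{:?}", check_trust_root(&relabeled, &test_key));
}
```

Comparing the decoded key bytes rather than the strings is what catches the test key re-encoded under a new key id.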