publish: pin publisher into every catalogue entry (root-cause fix)#34
Merged
Conversation
v1.12.3's catalogue anchor fail-closes any entry without a publisher pin. publish-submission.sh never emitted one, so every newly-published app is born unpinned (io.telepat.ideon-free was the first to hit this). Extract store.publisher from the bundle's signed manifest (authoritative — not metadata.json, whose publisher_pubkey can be a placeholder) and add it to the catalogue entry in both the rich and basic branches. Warns if a bundle has no store.publisher rather than silently shipping an unpinned entry. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why. v1.12.3's catalogue anchor fail-closes any entry without a
publisherpin.publish-submission.shnever emitted one, so every app published through the automation is born unpinned and would be refused on v1.12.3+ hosts.io.telepat.ideon-freewas the first to hit this (fixed live in pilot-protocol/pilotprotocol#327; this prevents recurrence).Change. Extract
store.publisherfrom the bundle's signed manifest (authoritative —metadata.json'spublisher_pubkeycan be a placeholder/stale, as seen on cosift/sixtyfour) and addpublisherto the catalogue entry in both the rich and basic jq branches. Emits aWARNINGif a bundle lacksstore.publisherinstead of silently shipping an unpinned entry.Verified: extraction on the live ideon bundle yields
ed25519:5cqj+…and the patched jq emits the field.bash -nclean.