Alexander Larsson

Yeah, its not ideal. We could compute them at build-time, which would get rid of the runtime dependency, but we'd still have the current example for older distros as it...

Overall this looks good to me. I have a performance worry for the allow list though. There is a ton of syscalls in that list, and adding them one by...

> Such performance problem was [reported](https://github.com/flatpak/flatpak/issues/4187) for some games. Yeah, and that was with the current small filters. But with an allowlist each syscall would have to pass a filter...

Ah, you need the gpg key in binary format. I tried: ``` $ gpg --dearmor kdeflatpak.asc $ flatpak remote-add kde http://distribute.kde.org/flatpak-testing/ --gpg-import=kdeflatpak.asc.gpg ``` However, this gives me: error: While pulling...

Sorry about not responding earlier btw, was away a bit.

@aleixpol Hmm, i dunno if `--gpg-sign="KDE Flatpak"` works. I tend to give the hex key id. Do you get a `summary.sig` file in the repo when you do that?

Ah, yeah, sorry, I misread the above error it seems. The gpg signature for the summary does indeed exists, its the one for the commit that it complains about. Lemme...

Quick debugging: The ref for the platform is runtime/org.kde.Platform/x86_64/master which we can see at http://distribute.kde.org/flatpak-testing/refs/heads/runtime/org.kde.Platform/x86_64/master points to 34407d5f5f48cdb3a1284fe8f78c637f45b44e058ad89393bf4b6c832613cf23. That commit exists in the repo as: http://distribute.kde.org/flatpak-testing/objects/34/407d5f5f48cdb3a1284fe8f78c637f45b44e058ad89393bf4b6c832613cf23.commit However, the signature for...

If --gpg-sign= is part of ${EXPORT_ARGS}, then that should be fine, as it will be passed to flatpak-builder. However, maybe that was not set at the time you built the...

Yeah, it crashes here too, we should fix that. However, this should work: ``` flatpak build-sign repo org.kde.Sdk --runtime --gpg-sign=61C45BED ```