[release/8.0] Make duplicate deb/rpm packages so we can sign them with the new PMC key #63250
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jkoritzinsky
changed the title
jkoritzinsky
added
tell-mode
rbhanda
added
Servicing-approved
wtgodbe
approved these changes
Aug 21, 2025
dotnet-policy-service
bot
added
the
pending-ci-rerun
wtgodbe
removed
the
pending-ci-rerun
This was referenced Oct 15, 2025
Open
This was referenced Jan 15, 2026
Merged
Open
Open
Closed
Open
Open
Open
Closed
JonnyBooker
pushed a commit
to Avenue3-dev/minimal-api-validation
that referenced
this pull request
Jan 20, 2026
Updated [Microsoft.AspNetCore.Mvc.Testing](https://github.com/dotnet/aspnetcore) from 8.0.20 to 8.0.23. <details> <summary>Release notes</summary> _Sourced from [Microsoft.AspNetCore.Mvc.Testing's releases](https://github.com/dotnet/aspnetcore/releases)._ ## 8.0.23 [Release](https://github.com/dotnet/core/releases/tag/v8.0.23) ## What's Changed https://devblogs.microsoft.com/dotnet/dotnet-and-dotnet-framework-january-2026-servicing-updates/#release-changelogs ## 8.0.22 [Release](https://github.com/dotnet/core/releases/tag/v8.0.22) ## What's Changed * Update branding to 8.0.22 by @vseanreesermsft in dotnet/aspnetcore#63949 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in dotnet/aspnetcore#63664 * [release/8.0] (http2): Lower WINDOWS_UPDATE received on (half)closed stream to stream abortion by @DeagleGross in dotnet/aspnetcore#63903 * [release/8.0] (deps): Bump src/submodules/googletest from `eb2d85e` to `9706f75` by @dependabot[bot] in dotnet/aspnetcore#63893 * [release/8.0] Fixed devtools url used for debug with chrome and edge by @github-actions[bot] in dotnet/aspnetcore#62080 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro[bot] in dotnet/aspnetcore#63665 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro[bot] in dotnet/aspnetcore#63957 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#64035 * Mark productVersion.txt as shipping artifact in 8.0 by @Copilot in dotnet/aspnetcore#64067 * Revert log level severity for unknown proxy in ForwardedHeadersMiddleware by @BrennanConroy in dotnet/aspnetcore#64090 **Full Changelog**: dotnet/aspnetcore@v8.0.21...v8.0.22 ## 8.0.21 [Release](https://github.com/dotnet/core/releases/tag/v8.0.21) ## What's Changed * Update branding to 8.0.21 by @vseanreesermsft in dotnet/aspnetcore#63509 * [release/8.0] (deps): Bump src/submodules/googletest from `373af2e` to `eb2d85e` by @dependabot[bot] in dotnet/aspnetcore#63500 * [release/8.0] Make duplicate deb/rpm packages so we can sign them with the new PMC key by @github-actions[bot] in dotnet/aspnetcore#63250 * [release/8.0] Extend Unofficial 1ES template in IdentityModel nightly tests job by @github-actions[bot] in dotnet/aspnetcore#63466 * [release/8.0] Quarantine ResponseBody_WriteContentLength_PassedThrough by @github-actions[bot] in dotnet/aspnetcore#63534 * [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro[bot] in dotnet/aspnetcore#63261 * [release/8.0] Use wait assert in flaky tests by @ilonatommy in dotnet/aspnetcore#63565 * [release/8.0] Update Microsoft.Build versions by @github-actions[bot] in dotnet/aspnetcore#62507 * Merging internal commits for release/8.0 by @vseanreesermsft in dotnet/aspnetcore#63603 * backport(8.0): Fix runtime architecture detection logic in ANCM by @DeagleGross in dotnet/aspnetcore#63706 **Full Changelog**: dotnet/aspnetcore@v8.0.20...v8.0.21 Commits viewable in [compare view](dotnet/aspnetcore@v8.0.20...v8.0.23). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of #63249 to release/8.0
/cc @jkoritzinsky
Make duplicate deb/rpm packages so we can sign them with the new PMC key
Description
PMC has added a new signing key for packages published to repositories for new Linux distributions they will add support for, such as Debian 13 and SLES vNext. Packages pushed to these feeds must be signed with the new key. Existing feeds will maintain the same keys. The .NET signing infrastructure requires us to have separate copies of the package files to have them signed with different keys. This PR introduces separate copies of the DEB and RPM installers to be signed with the new signing keys.
Contributes to dotnet/arcade#16047
Customer Impact
Without this change, we can't ship
.debinstallers for Debian 13. With this change, we can.Regression?
Risk
[Justify the selection above]
Verification
Packaging changes reviewed?