chore: 除了开启签名外，验证脚本也通过

scripts/patch_tools/install_patch_system.sh

@@ -5,6 +5,7 @@ set -euo pipefail
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 INSTALL_DIR="/opt/patch-management"
+CONFIG_FILE="${SCRIPT_DIR}/patch_config.sh"
 
 log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"; }
 info() { log "INFO: $1"; }
@@ -62,6 +63,17 @@ get_cmd_prefix() {
     fi
 }
 
+# 配置加载
+load_config() {
+    if [[ ! -f "$CONFIG_FILE" ]]; then
+        error "配置文件不存在: $CONFIG_FILE"
+        exit 1
+    fi
+
+    source "$CONFIG_FILE"
+    info "配置文件加载完成"
+}
+
 install_dependencies() {
     info "安装系统依赖..."
     
@@ -185,6 +197,30 @@ setup_cron() {
     fi
 }
 
+generate_gpg_key() {
+    local name="${1:-John Doe}"
+    local email="${2:-johndoe@example.com}"
+    local key_type="${3:-RSA}"
+    local key_length="${4:-4096}"
+    
+    cat > /tmp/gpg_batch << EOF
+Key-Type: $key_type
+Key-Length: $key_length
+Subkey-Type: $key_type
+Subkey-Length: $key_length
+Name-Real: $name
+Name-Email: $email
+Expire-Date: 0
+%commit
+EOF
+
+    gpg --batch --generate-key /tmp/gpg_batch
+    rm -f /tmp/gpg_batch
+    
+    echo "✅ 密钥生成完成"
+    gpg --list-secret-keys --keyid-format LONG "$email"
+}
+
 generate_keys() {
     info "生成签名密钥..."
     
@@ -194,6 +230,9 @@ generate_keys() {
     
     if [[ ! -f "$key_dir/private.pem" ]]; then
         $sudo_prefix mkdir -p "$key_dir"
+
+        # 生成GPG密钥对
+        generate_gpg_key "$PATCH_AUTHOR" "$PATCH_EMAIL" "RSA" "4096"
         
         # 生成RSA密钥对
         openssl genrsa -out "$key_dir/private.pem" 4096
@@ -211,6 +250,10 @@ generate_keys() {
 main() {
     info "开始安装企业级补丁管理系统"
     echo "========================================"
+    echo "📋 安装配置文件: $INSTALL_DIR/patch_config.sh"
+
+    # 加载配置
+    load_config
     
     # 检查运行环境
     if is_docker_environment; then