Fixes #23711: Add GPG signature verification to rudder-package #5176

@amousset amousset commented Nov 16, 2023

https://issues.rudder.io/issues/23711

Interesting points:

  • Finally not using sequoia or another Rust lib as they are too low level and we don't want to deal with gpg internals.
  • Switching from gpg to gpgv, simpler, dedicated to signature verification, and provided with gpg.
  • Instead of using the public key, directly package a keyring, this makes the runtime check simpler.
  • Embed the keyring in the repo. It is not worse than storing a hash of the file and downloading it.
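
The approach listed above (gpgv checking a signature against a packaged keyring), as an added Rust example that is not code from this PR or from rudder-package. It assumes a detached signature file and uses gpgv's `--keyring` and `--status-fd` options; the function names and the sample status lines are constructed for illustration.

```rust
use std::process::Command;

// Status keywords that make the result unacceptable.
const REJECT: [&str; 5] = ["BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"];
// Constructed status output (placeholder key ID and fingerprint), not real gpgv output.
const SAMPLE: &str = "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer\n\
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2023-11-20 1700000000\n";

/// gpgv arguments: trust only keys in `keyring`, write status lines to stdout (fd 1).
fn gpgv_args(keyring: &str, sig: &str, data: &str) -> Vec<String> {
    ["--keyring", keyring, "--status-fd", "1", sig, data].map(String::from).to_vec()
}

/// Signer fingerprint, if the status output has GOODSIG and VALIDSIG and nothing in REJECT.
fn signer_fingerprint(status: &str) -> Result<String, String> {
    let (mut good, mut fpr) = (false, None);
    for line in status.lines() {
        let mut f = line.strip_prefix("[GNUPG:] ").unwrap_or("").split_whitespace();
        match f.next() {
            Some(k) if REJECT.contains(&k) => return Err(format!("rejected: {k}")),
            Some("GOODSIG") => good = true,
            Some("VALIDSIG") => fpr = f.next().map(str::to_string),
            _ => {}
        }
    }
    fpr.filter(|_| good).ok_or_else(|| "no valid signature reported".to_string())
}

/// Runs gpgv and requires both a zero exit status and a clean status report.
fn verify(keyring: &str, sig: &str, data: &str) -> Result<String, String> {
    let out = Command::new("gpgv").args(gpgv_args(keyring, sig, data))
        .output().map_err(|e| format!("cannot run gpgv: {e}"))?;
    if !out.status.success() {
        return Err(format!("gpgv exited with {}", out.status));
    }
    signer_fingerprint(&String::from_utf8_lossy(&out.stdout))
}

fn main() {
    // With <keyring> <signature> <file> run gpgv, otherwise parse SAMPLE.
    let a: Vec<String> = std::env::args().skip(1).collect();
    let res = if a.len() == 3 { verify(&a[0], &a[1], &a[2]) } else { signer_fingerprint(SAMPLE) };
    println!("{res:?}");
}
```

gpgv looks up a keyring name that contains no slash in its home directory, so pass the packaged keyring by a path that contains one.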

@amousset amousset requested a review from Fdall November 16, 2023 14:34
@amousset amousset marked this pull request as draft November 16, 2023 14:34
@amousset amousset removed the request for review from Fdall November 16, 2023 14:34
@amousset amousset added the WIP Use that label for a Work In Progress PR that must not be merged yet label Nov 16, 2023
@amousset
Member Author

PR updated with a new commit

@amousset amousset force-pushed the bug_23711/add_gpg_signature_verification_to_rudder_package branch from 7d19917 to 02f76d5 Compare November 20, 2023 00:05
@amousset amousset removed the WIP Use that label for a Work In Progress PR that must not be merged yet label Nov 20, 2023
@amousset amousset marked this pull request as ready for review November 20, 2023 00:06
@amousset
Member Author

PR updated with a new commit

@Normation-Quality-Assistant
Contributor

This PR is not mergeable to upper versions.
Since it is "Ready for merge" you must merge it by yourself using the following command:
rudder-dev merge https://github.com/Normation/rudder/pull/5176
-- Your faithful QA
Kant merge: "To be is to do."
(https://ci.normation.com/jenkins/job/merge-accepted-pr/76345/console)

@amousset
Member Author

OK, squash merging this PR

@amousset amousset force-pushed the bug_23711/add_gpg_signature_verification_to_rudder_package branch from 730dcaa to e84cafd Compare November 20, 2023 09:24
@amousset amousset merged commit e84cafd into Normation:master Nov 20, 2023
1 check was pending