Sign RPM packages #1384

Closed
crivetimihai opened this issue Nov 15, 2021 · 5 comments · Fixed by #3612 or #4056

@crivetimihai

Description

https://aquasecurity.github.io/trivy-repo/ describes setting up RHEL/CentOS repos with gpgcheck=0. For security reasons this is not a good practice. The repo cannot be browsed as it's hosted on GitHub Pages.

Can you please provide a URL to the GPG key?

Thanks!

@crivetimihai crivetimihai added the kind/bug Categorizes issue or PR as related to a bug. label Nov 15, 2021
@knqyf263 knqyf263 added kind/feature Categorizes issue or PR as related to a new feature. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. and removed kind/bug Categorizes issue or PR as related to a bug. labels Nov 17, 2021
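
The concern raised in the issue can be checked on a host by auditing yum/dnf `.repo` definitions for disabled signature verification. The following is an added example, not part of the original issue or the Trivy project's own code; the repo ids, URLs and key path in the sample are constructed placeholders, and `main_gpgcheck` is an assumed stand-in for the `[main]` default in the host's `dnf.conf`/`yum.conf`.

```python
import configparser

# Constructed sample .repo content (placeholders, not taken from the Trivy docs):
# one repo with signature checking disabled, one with it enabled and a key URL.
SAMPLE_REPO = """\
[example-unsigned]
name=Example unsigned repo
baseurl=https://repo.example.invalid/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1

[example-signed]
name=Example signed repo
baseurl=https://repo.example.invalid/rpm/releases/$releasever/$basearch/
gpgcheck=1
gpgkey=https://repo.example.invalid/PLACEHOLDER-public.key
enabled=1
"""

TRUE_VALUES = {"1", "yes", "true", "on"}
NO_CHECK = "gpgcheck disabled: package signatures are not verified"
NO_KEY = "gpgcheck enabled but no gpgkey configured"


def audit_repo_text(text, main_gpgcheck=False):
    """Return {repo_id: [findings]} for enabled repos in .repo-format text.

    main_gpgcheck is the assumed [main] default, used when a repo section
    does not set gpgcheck itself; pass True if the host's [main] sets gpgcheck=1.
    """
    # interpolation=None keeps '$releasever' and '%' characters literal.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        if repo.get("enabled", "1").strip().lower() not in TRUE_VALUES:
            continue  # disabled repos are not used for installs
        raw = repo.get("gpgcheck")
        checked = main_gpgcheck if raw is None else raw.strip().lower() in TRUE_VALUES
        if not checked:
            findings[repo_id] = [NO_CHECK]
        elif not repo.get("gpgkey", "").strip():
            # Verification only works if the key was imported some other way.
            findings[repo_id] = [NO_KEY]
    return findings


if __name__ == "__main__":
    for repo_id, issues in audit_repo_text(SAMPLE_REPO).items():
        print(repo_id, "->", "; ".join(issues))
```

To audit a real host, read each file under `/etc/yum.repos.d/` and pass its contents to `audit_repo_text`.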
@knqyf263
Collaborator

Yes, we're working on it, but it may need some more time.
#1093

@darkhonor

Has any progress been made? It has been over a year since the last update. Is there something that would help implement? The referenced PR was closed for inactivity.

@afdesk
Contributor

afdesk commented Jan 26, 2023

@darkhonor sorry for waiting
I'm working on it this week

@john-0248

Would like to implement trivy in a Red Hat context but lack of GPG-key and a signed install-RPM makes it a non-starter unfortunately. Any progress? Estimated date when this could be available? Regardless, TIA! :-)

@knqyf263
Collaborator

knqyf263 commented Apr 3, 2023

Reopened as we reverted #3612.

@knqyf263 knqyf263 modified the milestones: v0.39.0, v0.40.0 Apr 3, 2023
@knqyf263 knqyf263 changed the title No gpgcheck for RHEL/CentOS install instructions - please provide GPG for RPM packages and binaries. Sign RPM packages Apr 3, 2023