feat: Verify Keysmith release binaries. #1586
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
enzoh
changed the title
|
Can you make it clearer that this is a keysmith public key? Also, when you leave the company or revoke your keys for some other reason, how do you expect people to verify the binaries? |
|
Let me contact the security team for their recommendation here. Probably best that they take custody of the key. |
dfinity-bot
added a commit
that referenced
this pull request
Feb 8, 2023
## Changelog for advisory-db: Branch: main Commits: [rustsec/advisory-db@bb92d2d5...b485cf4d](rustsec/advisory-db@bb92d2d...b485cf4) * [`58e20bb7`](rustsec/advisory-db@58e20bb) Add CVE-2023-0286 for openssl-src ([RustSec/advisory-db#1573](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1573)) * [`56f79c7b`](rustsec/advisory-db@56f79c7) Assigned RUSTSEC-2023-0006 to openssl-src ([RustSec/advisory-db#1574](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1574)) * [`a0530f10`](rustsec/advisory-db@a0530f1) Add CVE-2022-4304 for openssl-src ([RustSec/advisory-db#1575](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1575)) * [`d70e7f95`](rustsec/advisory-db@d70e7f9) Assigned RUSTSEC-2023-0007 to openssl-src ([RustSec/advisory-db#1576](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1576)) * [`4bf8b4c3`](rustsec/advisory-db@4bf8b4c) Add CVE-2022-4203 for openssl-src ([RustSec/advisory-db#1577](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1577)) * [`8d1c5992`](rustsec/advisory-db@8d1c599) Assigned RUSTSEC-2023-0008 to openssl-src ([RustSec/advisory-db#1578](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1578)) * [`818cdec0`](rustsec/advisory-db@818cdec) Add CVE-2023-0215 for openssl-src ([RustSec/advisory-db#1579](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1579)) * [`b324cf92`](rustsec/advisory-db@b324cf9) Assigned RUSTSEC-2023-0009 to openssl-src ([RustSec/advisory-db#1581](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1581)) * [`1445e637`](rustsec/advisory-db@1445e63) Add CVE-2022-4450 for openssl-src ([RustSec/advisory-db#1580](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1580)) * [`94fdfaf7`](rustsec/advisory-db@94fdfaf) Assigned RUSTSEC-2023-0010 to openssl-src ([RustSec/advisory-db#1585](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1585)) * [`3e3631fd`](rustsec/advisory-db@3e3631f) Add CVE-2023-0216 for openssl-src ([RustSec/advisory-db#1582](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1582)) * [`19c2e8af`](rustsec/advisory-db@19c2e8a) Assigned RUSTSEC-2023-0011 to openssl-src ([RustSec/advisory-db#1586](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1586)) * [`3cfb8970`](rustsec/advisory-db@3cfb897) Add CVE-2023-0217 for openssl-src ([RustSec/advisory-db#1583](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1583)) * [`daa52cad`](rustsec/advisory-db@daa52ca) Assigned RUSTSEC-2023-0012 to openssl-src ([RustSec/advisory-db#1587](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1587)) * [`0f3d1597`](rustsec/advisory-db@0f3d159) Add CVE-2023-0401 for openssl-src ([RustSec/advisory-db#1584](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1584)) * [`feb5cddd`](rustsec/advisory-db@feb5cdd) Assigned RUSTSEC-2023-0013 to openssl-src ([RustSec/advisory-db#1588](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1588)) * [`c6193701`](rustsec/advisory-db@c619370) Add advisory aliyun-oss-client ([RustSec/advisory-db#1589](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1589)) * [`8a1400e3`](rustsec/advisory-db@8a1400e) Assigned RUSTSEC-2022-0089 to aliyun-oss-client ([RustSec/advisory-db#1590](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1590)) * [`cb6cfde9`](rustsec/advisory-db@cb6cfde) Update RUSTSEC-2020-0071.md ([RustSec/advisory-db#1591](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1591)) * [`b485cf4d`](rustsec/advisory-db@b485cf4) Update RUSTSEC-2020-0071.md ([RustSec/advisory-db#1594](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1594))
mergify bot
pushed a commit
that referenced
this pull request
Mar 4, 2023
## Changelog for advisory-db: Branch: main Commits: [rustsec/advisory-db@bb92d2d5...b485cf4d](rustsec/advisory-db@bb92d2d...b485cf4) * [`58e20bb7`](rustsec/advisory-db@58e20bb) Add CVE-2023-0286 for openssl-src ([RustSec/advisory-db#1573](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1573)) * [`56f79c7b`](rustsec/advisory-db@56f79c7) Assigned RUSTSEC-2023-0006 to openssl-src ([RustSec/advisory-db#1574](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1574)) * [`a0530f10`](rustsec/advisory-db@a0530f1) Add CVE-2022-4304 for openssl-src ([RustSec/advisory-db#1575](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1575)) * [`d70e7f95`](rustsec/advisory-db@d70e7f9) Assigned RUSTSEC-2023-0007 to openssl-src ([RustSec/advisory-db#1576](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1576)) * [`4bf8b4c3`](rustsec/advisory-db@4bf8b4c) Add CVE-2022-4203 for openssl-src ([RustSec/advisory-db#1577](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1577)) * [`8d1c5992`](rustsec/advisory-db@8d1c599) Assigned RUSTSEC-2023-0008 to openssl-src ([RustSec/advisory-db#1578](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1578)) * [`818cdec0`](rustsec/advisory-db@818cdec) Add CVE-2023-0215 for openssl-src ([RustSec/advisory-db#1579](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1579)) * [`b324cf92`](rustsec/advisory-db@b324cf9) Assigned RUSTSEC-2023-0009 to openssl-src ([RustSec/advisory-db#1581](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1581)) * [`1445e637`](rustsec/advisory-db@1445e63) Add CVE-2022-4450 for openssl-src ([RustSec/advisory-db#1580](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1580)) * [`94fdfaf7`](rustsec/advisory-db@94fdfaf) Assigned RUSTSEC-2023-0010 to openssl-src ([RustSec/advisory-db#1585](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1585)) * [`3e3631fd`](rustsec/advisory-db@3e3631f) Add CVE-2023-0216 for openssl-src ([RustSec/advisory-db#1582](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1582)) * [`19c2e8af`](rustsec/advisory-db@19c2e8a) Assigned RUSTSEC-2023-0011 to openssl-src ([RustSec/advisory-db#1586](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1586)) * [`3cfb8970`](rustsec/advisory-db@3cfb897) Add CVE-2023-0217 for openssl-src ([RustSec/advisory-db#1583](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1583)) * [`daa52cad`](rustsec/advisory-db@daa52ca) Assigned RUSTSEC-2023-0012 to openssl-src ([RustSec/advisory-db#1587](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1587)) * [`0f3d1597`](rustsec/advisory-db@0f3d159) Add CVE-2023-0401 for openssl-src ([RustSec/advisory-db#1584](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1584)) * [`feb5cddd`](rustsec/advisory-db@feb5cdd) Assigned RUSTSEC-2023-0013 to openssl-src ([RustSec/advisory-db#1588](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1588)) * [`c6193701`](rustsec/advisory-db@c619370) Add advisory aliyun-oss-client ([RustSec/advisory-db#1589](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1589)) * [`8a1400e3`](rustsec/advisory-db@8a1400e) Assigned RUSTSEC-2022-0089 to aliyun-oss-client ([RustSec/advisory-db#1590](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1590)) * [`cb6cfde9`](rustsec/advisory-db@cb6cfde) Update RUSTSEC-2020-0071.md ([RustSec/advisory-db#1591](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1591)) * [`b485cf4d`](rustsec/advisory-db@b485cf4) Update RUSTSEC-2020-0071.md ([RustSec/advisory-db#1594](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/1594))
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I'm adding my public key so that it is downloadable from a DFINTIY branded URL.
My public key is needed to verify the signature on the Keysmith release binaries.
The verification process is as follows:
Download these files in addition to the release binary.
Verify the SHA256 checksum of the download.
grep "$(openssl dgst -sha256 keysmith-*.tar.gz)" SHA256.SUMVerify the signature on the release binary.
The command above should display the following output.