Skip to content

Commit

Permalink
Merge pull request #700 from freedomofpress/697-new-signing-key
Browse files Browse the repository at this point in the history 
Switch to 2021 signing key; update tests
  • Loading branch information
@conorsch
conorsch committed Jun 1, 2021
2 parents 9a55c9b + d4a8d1b commit e180ad0
Show file tree
Hide file tree
Showing 5 changed files with 57 additions and 2 deletions.
2 changes: 1 addition & 1 deletion dom0/sd-default-config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
prod:
dom0_yum_repo_url: "https://yum.securedrop.org/workstation/dom0/f25"
apt_repo_url: "https://apt.freedom.press"
signing_key_filename: "securedrop-release-signing-pubkey.asc"
signing_key_filename: "securedrop-release-signing-pubkey-2021.asc"
# Development variables, suited for use during local development
dev:
dom0_yum_repo_url: "https://yum-test.securedrop.org/workstation/dom0/f25"
Expand Down
2 changes: 2 additions & 0 deletions rpm-build/SPECS/securedrop-workstation-dom0-config.spec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,8 @@ find /srv/salt -maxdepth 1 -type f -iname '*.top' \
| xargs -n1 basename \
| sed -e 's/\.top$$//g' \
| xargs qubesctl top.enable > /dev/null
mkdir -p /tmp/sdw-migrations
touch /tmp/sdw-migrations/signing-key-update

%changelog
* Wed Mar 10 2021 SecureDrop Team <securedrop@freedom.press> - 0.5.3
Expand Down
53 changes: 53 additions & 0 deletions sd-workstation/securedrop-release-signing-pubkey-2021.asc
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGCZZq0BEAC+wLsE1p+RF7xSHUNSAKS/pFs9Ax0mAAoqdZ1KpB3u1DNTWZd+
aj+TU/L/Yxgxlc5aapJn2LAhiTKRljLAnZXIwa97hvKPWwufphCg6QbyDlndXjLR
LZGkR+Zi6Y2NPN+ryfG0ufCNph3iwJR3nBrRLN4uulFC5ejZsXdC5QXbFxssmWjF
fUyaWwwwJ0Fz6oY2icsntumf8m7JeUNbLUWR7LDWqCOI52JEhswLXHfTbODNfp1K
sGs0HwKmyH68ITRmNSjwz1xoS/ToXpBtiZ0YkczRlljfg4cxI11/7+pQohX9K7G5
K4UT322QB5adtanIjVX7GFWjWxzs3MKE/xyLZN0+8jf/QnIC4K8vrMgWolQmRmJs
RSCGGDoXT36g0kqnLuuFQmrvNnItcmy+5eefSCcjF+NG8xwN9kApRUxkpF3Dt/Bb
PBCuKXghvQxA5V1r29v/gkyTsa6n5NQjix+5Lg0rCycqg4Mg77ZTlCklZ22nUXgB
DWkG/xqMWXVZOtUa+REYrTCg9Zo7qlbIniRGeGfGtXYXI023clJH7QkSOEVbCzju
SMG+mvRVGJVEWmkoD6mUqzgs+VpoJ9/f1OV5iZjeYRN7fDUYgZzYuWJp3fYmlvHj
3oiAN7UrcUwESgoVl+Ga2VFJd+3w0qBLM+3bORq0z1sUp9oJhFpLLtqRuQARAQAB
tEpTZWN1cmVEcm9wIFJlbGVhc2UgU2lnbmluZyBLZXkgPHNlY3VyZWRyb3AtcmVs
ZWFzZS1rZXktMjAyMUBmcmVlZG9tLnByZXNzPokCVAQTAQoAPhYhBCNZ5lOMBhPm
UpVebBiO3Tt7IuajBQJgmWatAhsDBQkCKbYABQsJCAcDBRUKCQgLBRYCAwEAAh4B
AheAAAoJEBiO3Tt7IuajwuMP/3HGnRKTgRLdxeL/8tK4E204N+W3dPYhge1sFLeD
ak0vXQeTzxizU/1Hi1+qLv+XRpKziPE0gvKnc8wThPhJ+G93hEAqI/Es4VIklzbB
f/xhLeE54wk6tqz+wy4ugoq0NrRTLFRXT2SXA/enSxaH16fk/5LcNF0V8CTvoaGn
5kvhZCSPJyw7eqPZGjH2pxy33sktprEAjN7aXuIHw3IiRHmrqgqSCpjn5rEEXO3Y
u8osqh5ZdVQLnmtQiosA4IVNOKRJU9nTDnIVducx+RLG3Bz3Qf7/mmRC+M3hqGWB
skk0c2+DtspsNyZh1E+8II3qVGqFwMBovSI0wPX3IOK4Wb91dz3/n8Ahc2N7pBY3
7wH1GHjT/2Bv80F5d3bbUJVFDLEFFMSUcj4E6dxU38XkbBTODrOYcjzlIT6uK/XH
Q61fE1e7PSVeNqr6eIqqaTdNZaOJNtlO5umYx0WQawKT72eznPW6HJkX5cfuTj9H
ARwRCNOTpipOo499bMtk7UjJcTwc9KOxJeKDkbMUfe/43Zp1njctWuv2e/NPz92J
Ma3BmLluuBR9HJTWKp8L6Ia55vhvtm3+hsgiTCf7gdpxkwRO7470ZeyZMZtARwxp
2wcIrqdOKW8Zwij2Zsi882PPJjR4N07KiEv9pUBtLzlX3VsHBFSu32klxW3cNlSZ
1eK/uQINBGCZZq0BEACq7CxMegB4JuC81VDZKNGgPvRfZYzvE9JGV9G/Gz2Ko8IN
tsBMbIQVXLndeuJZqYPTk5X6dPKJe6ik9WUSpdvpxLdy1FiVjvOMxaXvZCeXB8NS
jicHq8KWRrvgM15GGRo1vBC8BLyjh6tnImkmI86HNJEy3kvN7OjgFeXactO4yXaP
Gu4J8OglAYOLvNjamriY/ExFS5uURrmHgJB9beEFY+XS7FbUj81R3H64XCKlKIVu
ZWmkVHWKqZGdpax9eDWnT7NGrBaZ0DKHKHkim423WAwiqq1YpBpBO586F/ZPdHJE
pOO8U0jc2NPBH5+kw4mpkerhbmd89NKRBccZwYVv04EYtyQz7GayBREa7Kwj5bq3
sAE+DqRgeWFLBVWdaeU98zawLR15Qsx85cGvxFJaE9LyPWHyHSlJeyrT0hNE02HG
3Snvf+ZFqwFgPpYFZ5nO8BTW1S+nrYXZGirslIqfFs0lg1d0B48cTtg4MESouZ+6
bZDWR/47s6jicncfYVNqSH5d1Ifj8guuxDQZyJLEh18kcOH0wezt7lM/H6kXZnDz
slOJUAubUgpZ/IbTgdd49UW93QepI+ynuwSogqIPf521XAU/Or7OY+t7J2e1VaCC
zvez+oiZ6GWh6lBpccPUnDWtti3U2i5hK4swGFa3Uvi6UwbZHihi/iUip4uKxQAR
AQABiQI8BBgBCgAmFiEEI1nmU4wGE+ZSlV5sGI7dO3si5qMFAmCZZq0CGwwFCQIp
tgAACgkQGI7dO3si5qNAJhAAsjrKyJY1A814QI82Jk1BcpbYRpr5D11/Y8okj142
Ury/14yVJ1mdFNIqXiKaazR2UJef+W7EZYXWEUFC4BpYFC75tnGAIuKpdBjd6hiJ
Z+sWi10eit3IejAwHkbzRTCvPEDxaQTK1EEB/AKE+9fJhnjIVIIYLgIRYwvNBT/S
J5A1OhoSHtYppD8FpGFw7Hl/t9DK5YETyvY8vkqAMZ9rxp9ZdLni9NsgHa4SCxb/
1t9ixziUdwbBH0ulHJF3D3Gv6U4Rtcjyi/CLwMaC9pJ7PfISQBYL0USkL9WUYTy7
IPn60fcvrXIx0ZoR0T4L5rbIQpJ89bVvyT2a1BTFo0zp46hzq9O5g6dr3oB94UKf
bYxNOjNwyMmSyT/JVHzS5H8RAk9UdXmJZXuUFGlPJwfqakGOzZm+X8m6bfbALS++
b0CAfkWVLNSASXdkK0du5XpIEFFca2qc0vxgqNFDNJC9lrjIx95Bxiql8kOhhloo
/mXz7rZl9vbXBespZCMosFlatkL6hnFm28IIb8vOwGrOuToxyJUQcD8u6iT8kpWF
j5EBqojf1VEaYOogVX8kBFfNTUWmHslD44f46IqIm/lE/wAGev3Aec+olqdD1B75
hdWwJXNaMxCYVofIgihTMKUeSuXHXNajtwbcUJYyeX4X/LrknXu5EoBfUIXZEZ/J
u3U=
=pCIa
-----END PGP PUBLIC KEY BLOCK-----
0 ...ion/securedrop-release-signing-pubkey.asc → ...uredrop-release-signing-pubkey-LEGACY.asc
View file
File renamed without changes.
2 changes: 1 addition & 1 deletion tests/test_dom0_rpm_repo.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ class SD_Dom0_Rpm_Repo_Tests(unittest.TestCase):
pubkey_wanted = ""
yum_repo_url = ""
pubkey_actual = "/etc/pki/rpm-gpg/RPM-GPG-KEY-securedrop-workstation" # noqa
pubkey_wanted_prod = "sd-workstation/securedrop-release-signing-pubkey.asc"
pubkey_wanted_prod = "sd-workstation/securedrop-release-signing-pubkey-2021.asc"
pubkey_wanted_test = "sd-workstation/apt-test-pubkey.asc"
yum_repo_url_prod = "https://yum.securedrop.org/workstation/dom0/f25"
yum_repo_url_test = "https://yum-test.securedrop.org/workstation/dom0/f25"
Expand Down

0 comments on commit e180ad0

Please sign in to comment.