Explicitly manage our additions to the rpm keyring instead of appending #423
Comments
eloquence
moved this from Current Sprint (1/22-2/5)
to Nominated for next sprint
in SecureDrop Team Board
eloquence
moved this from Nominated for next sprint
to Current Sprint (2/5-2/19)
in SecureDrop Team Board
eloquence
moved this from Current Sprint (2/5-2/20)
to Near Term - SD Workstation
in SecureDrop Team Board
3 tasks
|
We may change approaches here slightly if we publish a keyring + repo bootstrapping package, but even if we do that, keys should be manually added and removed from the rpm dom0 database (see #953) - see eg steps at https://gist.github.com/rocodes/41a8dee0c9098445ea3629770c29c690 |
|
Per conversation yesterday, the keyring will be in its own repo, so removing "good first issue" for now - I have a preliminary .spec file for the new repo that I can push and I'll include example key management logic in the %post section. |
11 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In https://github.com/freedomofpress/securedrop-workstation/blob/master/sys-firewall/sd-copy-rpm-repo-pubkey.sh#L10 , we
rpm --importthe key. While this works as expected, we need to ensure the keys that are present are only the ones that we want (in prod, remove or ensure the dev key is removed)related to #406
The text was updated successfully, but these errors were encountered: