Receive GPG key while publishing artifacts #271

Merged
merged 6 commits into from
Jun 5, 2020

@colekettler colekettler commented Jun 5, 2020

Overview

This retrieves an up-to-date copy of the Geotrellis public GPG key during the cipublish build stage.

We've pushed a new signature to extend the expiration date on the public key that we've uploaded to public keyservers. The CircleCI build will now retrieve the latest copy of the public key, allowing us to renew the key in the future using the same procedure.

Checklist

  • Description of PR is in an appropriate section of the CHANGELOG and grouped with similar changes if possible

Testing Instructions

  • Verify that an updated and valid Geotrellis GPG key is retrieved and verified during cipublish.
    • Verified by @rbreslow during pairing session.

Connects azavea/operations#446
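
An added example, not part of this pull request or the project's build configuration: a check a publish step could run after receiving the key, confirming that the primary fingerprint in gpg's colon-delimited listing matches a pinned value and that the key is neither revoked nor expired. The fingerprint, the sample listing and the names check_key and sample_listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed pinned fingerprint (not the project's real key).
PINNED_FPR=0123456789ABCDEF0123456789ABCDEF01234567

# Constructed `gpg --with-colons --list-keys` output; the key expires at 1700000000.
sample_listing() {
  cat <<'EOF'
pub:-:4096:1:89ABCDEF01234567:1500000000:1700000000::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::::Example Signing Key <ci@example.invalid>::::::::::0:
sub:-:4096:1:0011223344556677:1500000000:1700000000:::::e::::::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0011223344556677:
EOF
}

# check_key PINNED_FPR NOW_EPOCH   (colon listing on stdin)
# Exit codes: 0 ok, 3 pinned primary fingerprint absent, 4 revoked, 5 expired.
check_key() {
  awk -F: -v want="$1" -v now="$2" '
    # A pub record opens a key; remember its validity (field 2) and expiry (field 7).
    $1 == "pub" { v = $2; e = $7; primary = 1; next }
    # Fingerprints after a sub record belong to subkeys and must not satisfy the pin.
    $1 == "sub" { primary = 0; next }
    # The first fpr record after pub carries the primary fingerprint in field 10.
    $1 == "fpr" && primary {
      primary = 0
      if ($10 == want) { found = 1; validity = v; expires = e }
    }
    END {
      if (!found)          { print "pinned fingerprint not found: " want; exit 3 }
      if (validity == "r") { print "key revoked"; exit 4 }
      if (validity == "e" || (expires != "" && expires + 0 <= now + 0)) {
        print "key expired"; exit 5
      }
      print "ok"
    }'
}

# Hypothetical CI wiring, after the key has been received:
#   gpg --batch --with-colons --list-keys "$PINNED_FPR" | check_key "$PINNED_FPR" "$(date +%s)"
# Demo on the constructed listing with a fixed clock value:
sample_listing | check_key "$PINNED_FPR" 1600000000
```

A non-zero exit from check_key is meant to fail the publish step before anything is signed or uploaded.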

@colekettler colekettler self-assigned this Jun 5, 2020
Comment on lines -29 to -30
gpg --batch \
--passphrase "${GPG_PASSPHRASE}" \
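
Review bot: `--batch` on line -29 is independent of `--passphrase`: it tells gpg never to prompt, which a non-interactive CI step wants whether or not the key has a passphrase. Consider dropping only the `--passphrase "${GPG_PASSPHRASE}"` line and keeping `--batch`, and if `GPG_PASSPHRASE` is no longer read anywhere, remove it from the build environment too.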

Because we're not using a passphrase for this key, the --batch and --passphrase options are unnecessary.

@colekettler colekettler marked this pull request as ready for review June 5, 2020 15:51
@colekettler colekettler requested a review from rbreslow June 5, 2020 15:59
@rbreslow rbreslow left a comment

👍

@colekettler colekettler merged commit 84553e7 into develop Jun 5, 2020
@colekettler colekettler deleted the feature/cek/receive-gpg-key branch June 5, 2020 16:07
@@ -25,10 +25,10 @@ aliases:
- run:
name: "Import signing key"
command: |
gpg --keyserver keyserver.ubuntu.com \
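
Review bot: the `gpg --keyserver keyserver.ubuntu.com \` line gives no URL scheme, so gpg treats it as plain hkp; writing it as `hkps://keyserver.ubuntu.com` keeps the fetch on TLS. The rest of the command is not visible in this excerpt, so please confirm the key is requested by its full 40-character fingerprint rather than a short key ID, and that the step fails if the imported key's fingerprint differs.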

It's worth surfacing that we're specifying the Ubuntu keyserver here to mirror the approach taken by @jodersky. Through testing, I've found that this keyserver was updated more quickly than the default.
