New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sign build artifacts using GPG #8

Closed
simonswine opened this Issue Oct 20, 2017 · 1 comment

Comments

Projects
None yet
1 participant
@simonswine
Member

simonswine commented Oct 20, 2017

Currently we rely on hashsum check when downloading wing to the instances. We should have a GPG key pair that is used to sign the binaries during the build process and verify the authenticity of the binaries later.

simonswine added a commit to simonswine/tarmak that referenced this issue Nov 21, 2017

@simonswine simonswine self-assigned this Nov 23, 2017

@simonswine

This comment has been minimized.

Member

simonswine commented Dec 6, 2017

Fixed through #58, signatures for older release added

@simonswine simonswine closed this Dec 6, 2017

charlieegan3 added a commit to charlieegan3/tarmak that referenced this issue Aug 17, 2018

Merge pull request jetstack#8 from Babylonpartners/latest-selinux-pol…
…icy-package

Latest selinux policy package
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment