[backend] bs_admin: add option to replace a project's signing key #4910
241869f to 65d0053
The sslcert should become optional. And you are aware that it needs to match the gpg key? Maybe this should be added to the help.
Please add that the key must have no passphrase. (mls would even prefer if the encryption were done by bs_admin instead of having it in the help, but I would also merge it this way :)
61a136d to 22af60e
@adrianschroeter thanks for the review!
Ok, done. Not passing it means it will be removed if present - otherwise it won't match anymore.
Yes - done, better to specify it, I agree.
Good point, done.
It could, but then one would have to copy the private key in plain text on the backend server, where multiple admins might have access, right? This way instead it can be encrypted off box by whoever is responsible (yes it can be decrypted after the fact by the admins of the signer machine, but that's supposed to be separate and restricted). I can try and make that optional if you feel like it would be useful.
It is sometimes useful to be able to sign with existing keys, perhaps due to corporate policies (EG: for EFI Secure Boot). It is not enough to substitute a project's _signkey and _pubkey on the filesystem, the database has to be updated or the previous _sslcert will be used, since that is never stored on the disk. Add a new --update-project-signing-key option to bs_admin to facilitate the operation for an administrator.
22af60e to 10b8486
@adrianschroeter what is the state of this? 😕
A bit stuck :-) Please let me know if there's anything else I can do to help get this merged. Thanks!