Add documentation about package signing model #30939
Conversation
kotfic
added
documentation
There was a problem hiding this comment.
Thanks @kotfic this is looking really great 🎉
I've requested some minor changes, but the main issue might be that the docs build is failing. There are a few places where double backtics are not closed, which might account for most of the doc build errors. Also, this needs to be linked from somewhere in the table of contents or somewhere doesn't it? I think that's causing the final error.
Doc build errors:
/home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst:307: WARNING: Inline literal start-string without end-string.
/home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst:349: WARNING: Inline literal start-string without end-string.
/home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst:427: WARNING: Inline literal start-string without end-string.
/home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst:427: WARNING: Inline literal start-string without end-string.
/home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst:427: WARNING: Inline literal start-string without end-string.
looking for now-outdated files... none found
pickling environment... done
checking consistency... /home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst: WARNING: document isn't included in any toctree
|
This appears to be passing now except for a warning about not being included in any toctree. @tgamblin Where would you like this documentation linked from? Thanks! |
kotfic
changed the title
|
Is this PR just waiting for another review? |
|
What about inserting it below the sections on CI pipelines? That seems the appropriate place to me since we would introduce CI pipelines first, and then explain how we are signing the buildcaches from our public pipelines. Does that seem fine? |
Yes, that makes sense to me. |
|
@kotfic If you have time to push this forward, I'll try to prioritize review to it. |
|
@scottwittenburg @zackgalbreath Can you double check if what is written here is still up to date? If so I'll take care of fixing the readthedocs failure and merge the PR. |
|
I just read through it again, and yes, this is still an accurate and complete description of our package signing model. |
|
Thanks @scottwittenburg I'll try to merge this one asap then |
This PR provides documentation for the current AWS based package signing approach and serves as part of a larger data integrity assurance case.