-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add documentation about package signing model #30939
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @kotfic this is looking really great 🎉
I've requested some minor changes, but the main issue might be that the docs build is failing. There are a few places where double backtics are not closed, which might account for most of the doc build errors. Also, this needs to be linked from somewhere in the table of contents or somewhere doesn't it? I think that's causing the final error.
Doc build errors:
/home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst:307: WARNING: Inline literal start-string without end-string.
/home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst:349: WARNING: Inline literal start-string without end-string.
/home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst:427: WARNING: Inline literal start-string without end-string.
/home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst:427: WARNING: Inline literal start-string without end-string.
/home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst:427: WARNING: Inline literal start-string without end-string.
looking for now-outdated files... none found
pickling environment... done
checking consistency... /home/docs/checkouts/readthedocs.org/user_builds/spack/checkouts/30939/lib/spack/docs/signing.rst: WARNING: document isn't included in any toctree
This appears to be passing now except for a warning about not being included in any toctree. @tgamblin Where would you like this documentation linked from? Thanks! |
Is this PR just waiting for another review? |
What about inserting it below the sections on CI pipelines? That seems the appropriate place to me since we would introduce CI pipelines first, and then explain how we are signing the buildcaches from our public pipelines. Does that seem fine? |
Yes, that makes sense to me. |
@kotfic If you have time to push this forward, I'll try to prioritize review to it. |
@scottwittenburg @zackgalbreath Can you double check if what is written here is still up to date? If so I'll take care of fixing the readthedocs failure and merge the PR. |
I just read through it again, and yes, this is still an accurate and complete description of our package signing model. |
Thanks @scottwittenburg I'll try to merge this one asap then |
This PR provides documentation for the current AWS based package signing approach and serves as part of a larger data integrity assurance case.