Bug #11828: Document how we manage the Jenkins' artifact signing key used by isobuilders

Bug #11828

Document how we manage the Jenkins' artifact signing key used by isobuilders

Added by intrigeri 2016-09-23 03:04:06 . Updated 2017-03-02 09:08:00 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Continuous Integration

Target version:

Tails_2.11

Start date:

2016-09-23

Due date:

% Done:

100%

Feature Branch:

Type of work:

Contributors documentation

Blueprint:

Starter:

Affected tool:

Deliverable for:

280

Description

That key expired yesterday, and I could not find any place where we document how to distribute that key, let alone manage it with Puppet. So it seems that I’ll have to distribute the updated key by hand. IMO we should do the documentation part now, and file a ticket wrt. managing it with Puppet some day.

Subtasks

History

#1 Updated by intrigeri 2016-09-23 03:04:43

Deliverable for set to SponsorS_Internal

#3 Updated by anonym 2016-12-14 20:11:27

Target version changed from Tails_2.9.1 to Tails 2.10

#4 Updated by intrigeri 2016-12-18 09:56:57

Target version changed from Tails 2.10 to Tails_2.11

#5 Updated by bertagaz 2017-02-28 14:09:59

Assignee changed from bertagaz to intrigeri
QA Check set to Info Needed

intrigeri wrote:
> That key expired yesterday, and I could not find any place where we document how to distribute that key, let alone manage it with Puppet. So it seems that I’ll have to distribute the updated key by hand. IMO we should do the documentation part now, and file a ticket wrt. managing it with Puppet some day.

That’s actually what the tails_secret_jenkins puppet module is taking care of. I’ve imported the updated key there. Shall this still be documented somewhere?

#6 Updated by intrigeri 2017-02-28 14:37:49

Assignee changed from intrigeri to bertagaz
QA Check changed from Info Needed to Dev Needed

> Shall this still be documented somewhere?

Given I was not able to find out myself: yes, please :)

#7 Updated by bertagaz 2017-02-28 16:30:05

Status changed from Confirmed to In Progress
Assignee changed from bertagaz to intrigeri
% Done changed from 0 to 50
QA Check changed from Dev Needed to Ready for QA

intrigeri wrote:
> Given I was not able to find out myself: yes, please :)

Well, you did the exact same thing to handle the reprepro signing key. But I’ve pushed a new file in the sysadmin Git repo anyway, if you want to have a look.

#8 Updated by intrigeri 2017-03-01 10:55:33

> Well, you did the exact same thing to handle the reprepro signing key.

That’s entirely irrelevant here so I won’t argue about it.

#9 Updated by intrigeri 2017-03-02 09:02:54

Subject changed from Better manage Jenkins' artifact signing key used by isobuilders to Document how we manage the Jenkins' artifact signing key used by isobuilders

#10 Updated by intrigeri 2017-03-02 09:05:28

Status changed from In Progress to Resolved
% Done changed from 50 to 100

Applied in changeset commit:4192f55ace559ac7cb2ef7d43a131b8acc748ddf.

#11 Updated by intrigeri 2017-03-02 09:08:00

Assignee deleted (~~intrigeri~~)
QA Check changed from Ready for QA to Pass

bertagaz wrote:
> But I’ve pushed a new file in the sysadmin Git repo anyway, if you want to have a look.

Thanks! I’ve moved the relevant (i.e. non-trivial and non-obvious) bits of it to our public services config doc, as I see no reason to pretend this is secret, even more so after we’ve explained at length how it’s done on this very (public) ticket.

We can now move on to funnier stuff :)