Feature #6193

Sign published artifacts checksums

Added by bertagaz 2013-07-26 12:48:05 . Updated 2014-03-06 20:51:02 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Infrastructure
Target version:
Start date:
2013-09-09
Due date:
% Done:

100%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
0
Affected tool:
Deliverable for:

Description

We might want to provide a way to verify the jenkins autobuild isos published on nightly.t.b.o. That way we can have people safely downloading an trying them.

Point is that we can’t use our main pgp signing key for this task, as it will be used on a remote server.

We might end on using a signing subkey or more likely to manage a new secret key, signed by our main one.


Subtasks

Feature #6266: Add an OpenPGP key on builder.lizard to sign Jenkins artifacts Resolved

0

Feature #6267: Add checksum signing ability to the Tails build script Resolved

0

Feature #6268: Adapt the Jenkins artifacts rotation script Resolved

0


History

#1 Updated by intrigeri 2013-10-03 06:54:32

  • Status changed from Confirmed to Fix committed
  • Assignee deleted (bertagaz)

#2 Updated by intrigeri 2013-10-29 11:12:14

  • Status changed from Fix committed to Resolved

#3 Updated by intrigeri 2014-03-06 20:51:02

  • Category changed from 171 to Infrastructure