Feature #6193: Sign published artifacts checksums

Feature #6193

Sign published artifacts checksums

Added by bertagaz about 12 years ago. Updated about 11 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Infrastructure

Target version:

Sustainability_M1

Start date:

2013-09-09

Due date:

% Done:

100%

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

We might want to provide a way to verify the jenkins autobuild isos published on nightly.t.b.o. That way we can have people safely downloading an trying them.

Point is that we can’t use our main pgp signing key for this task, as it will be used on a remote server.

We might end on using a signing subkey or more likely to manage a new secret key, signed by our main one.

Subtasks

Feature #6266: Add an OpenPGP key on builder.lizard to sign Jenkins artifacts

Resolved

Feature #6267: Add checksum signing ability to the Tails build script

Resolved

Feature #6268: Adapt the Jenkins artifacts rotation script

Resolved

History

#1 Updated by intrigeri about 12 years ago

Status changed from Confirmed to Fix committed
Assignee deleted (~~bertagaz~~)

#2 Updated by intrigeri about 12 years ago

Status changed from Fix committed to Resolved

#3 Updated by intrigeri about 11 years ago

Category changed from 171 to Infrastructure