Sign our RPMs #144
Comments
ghost
assigned 
|
rpm --addsign on Ubuntu 10.04 won't work, seemingly because librpmsign0 is not available until 11.10. Given the dependencies on libc6 (>= 2.4), this is unlikely to work on our 10.04 boxes. |
|
Verified on 12.04, rpm --addsign works. |
|
Done manually this time. Requires to rejigger our package production pipeline to get full automation. |
|
Actually signature is marked as bad. |
|
This has come up recently in regards to our hosted meld3 rpm. DataDog/chef-datadog#89 |
|
One ref here: http://systembash.com/content/simple-guide-to-signing-rpms-with-fpm/ |
|
We could definitely do it now that we are building the agent on ubuntu 14.04. We'll need to change or scripts to distribute the public key. Let's do that for 5.1.0. |
|
Too many pitfalls to tackle for now. See: http://technosorcery.net/blog/2010/10/10/pitfalls-with-rpm-and-gpg/ Adding some prerequisite tasks to our operations backlog so we can do the RPM signing cleanly. cc: @miketheman |
|
I think we need to sign on a Fedora box to be on the safe side. I did have issues early on, trying to sign it on Ubuntu 10.04. |
|
@elafarge do you know what's the status ? Is it still maintained for the 5.5.0 agent release ? |
|
@yannmh Yep, signing is currently enabled. We just need to put the "real" key on CircleCI and we're done. |
|
Oh and I don't have that key :/ |
|
Going out with our 5.5.0 release. |
Our DEBs are signed with http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x226AE980C7A7DA52. Do the same for RPMs.
The text was updated successfully, but these errors were encountered: