
[Docs]: Publish or point to where the GPG public key is for verification of RPM/DEB packages #383

Open
neilamoore opened this issue Feb 4, 2025 · 1 comment
@neilamoore

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to document this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Affected area/feature

The documentation as it stands documents how to use cosign to verify release artifacts, which works great. However, the RPM and DEB artifacts are additionally GPG-signed, and if GPG signature verification is done (e.g. 'rpm -K'), verification will not succeed because there is no GPG public key available to verify the signature. I would expect such a GPG public key to be in the release artifacts alongside the cosign keys/signatures, but it appears to be missing.

I have scoured the documentation and the repository and cannot find anything resembling a GPG public key, though I see references to a GPG private key in the '.goreleaser.yml' file.
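As an added illustration of the verification step the report above refers to (this is not code from the smallstep project or from the issue author), the script below shows the defender-side workflow: import a vendor public key, run 'rpm -Kv', and read the report. The functions that interpret the report work on captured text, so they also run on a host without rpm; the key file path and the key ID in the sample reports are placeholders and constructed values, not real smallstep identifiers.

```shell
#!/bin/sh
# Added example, not code from the smallstep project or the issue author.
# Demonstrates the GPG-side check the issue describes: 'rpm -K' on a package
# whose signing key has not been imported, and how to read the resulting report.
# The key file path and the key ID used below are placeholders / constructed.

# Import a vendor public key (placeholder path) and verify one RPM with it.
# Only meaningful on a host that has rpm; returns 2 where it does not.
verify_rpm_with_key() {
    pkg="$1"
    keyfile="$2"          # e.g. /path/to/VENDOR-GPG-KEY.pub (placeholder)
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not installed; cannot verify $pkg" >&2
        return 2
    fi
    # Importing into the rpmdb usually needs root; without the key, -K reports NOKEY.
    rpm --import "$keyfile" || return 3
    rpm -Kv "$pkg"        # non-zero exit when any signature is NOKEY or BAD
}

# Classify a captured 'rpm -Kv' report read from stdin.
# Prints OK, NOKEY, BAD or UNKNOWN; exit status 0 only for OK.
# NOKEY is checked first because digest lines in the same report still say OK.
classify_rpm_kv() {
    report="$(cat)"
    if printf '%s\n' "$report" | grep -q ': NOKEY'; then
        echo NOKEY; return 1
    elif printf '%s\n' "$report" | grep -qE ': (BAD|NOT OK)'; then
        echo BAD; return 1
    elif printf '%s\n' "$report" | grep -q 'Signature, key ID [0-9a-fA-F]*: OK'; then
        echo OK; return 0
    fi
    echo UNKNOWN; return 1
}

# List the key IDs rpm could not find, one per line, so the operator knows
# which public key to request from the vendor.
missing_key_ids() {
    sed -n 's/.*key ID \([0-9a-fA-F][0-9a-fA-F]*\): NOKEY.*/\1/p' | sort -u
}

# Constructed sample reports in the layout 'rpm -Kv' prints (key ID is made up).
SAMPLE_NOKEY='example.rpm:
    Header V4 RSA/SHA256 Signature, key ID 0123abcd: NOKEY
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID 0123abcd: NOKEY
    MD5 digest: OK'

SAMPLE_OK='example.rpm:
    Header V4 RSA/SHA256 Signature, key ID 0123abcd: OK
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID 0123abcd: OK
    MD5 digest: OK'

printf '%s\n' "$SAMPLE_NOKEY" | classify_rpm_kv      # NOKEY
printf '%s\n' "$SAMPLE_NOKEY" | missing_key_ids      # 0123abcd
printf '%s\n' "$SAMPLE_OK" | classify_rpm_kv         # OK
```

The point of the classifier is that a NOKEY report is not a "bad signature": the digests still check out, but the signature could not be verified at all, which is exactly the state an operator is left in when the vendor publishes signed RPMs without the matching public key. Treating NOKEY as a failure (as 'rpm -K' itself does via its exit status) rather than as a pass is what makes the GPG signature worth anything.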

@hslatman (Member) commented Feb 4, 2025

CA, CLI, KMS plugin

@tashian tashian transferred this issue from smallstep/certificates Feb 5, 2025