Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support OpenPGP keyrings in release #100

Merged
merged 1 commit into from
Oct 20, 2023
Merged

Support OpenPGP keyrings in release #100

merged 1 commit into from
Oct 20, 2023

Commits on Oct 20, 2023

  1. Support OpenPGP keyrings in release 

    This commit extends the chisel release with keyring definitions.
Keyrings are defined in ASCII armored format in the top-level
public-keys property by name. Keyrings are referenced by name in the
public-keys list property in archive definitions. An example of the
extended chisel release file is at the bottom.

This commit uses the newly added github.com/ProtonMail/go-crypto/openpgp
package dependency[1]. This package is a maintained fork of the
deprecated golang.org/x/crypto/openpgp package[2][3].

[1] https://github.com/ProtonMail/go-crypto
[2] https://pkg.go.dev/golang.org/x/crypto/openpgp
[3] https://golang.org/issue/44226

Example chisel.yaml:

    format: chisel-v1
    archives:
      ubuntu:
        version: 22.04
        components: [main, universe]
        suites: [jammy, jammy-updates, jammy-security]
        public-keys: [ubuntu]
      ubuntu-fips:
        version: 22.04
        pro: fips
        components: [main]
        suites: [jammy]
        public-keys: [ubuntu-fips]
    public-keys:
      ubuntu: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----

        mQINBFzZxGABEADSWmX0+K//0cosKPyr5m1ewmwWKjRo/KBPTyR8icHhbBWfFd8T
        DtYggvQHPU0YnKRcWits0et8JqSgZttNa28s7SaSUTBzfgzFJZgULAi/4i8u8TUj
        +KH2zSoUX55NKC9aozba1cR66jM6O/BHXK5YoZzTpmiY1AHlIWAJ9s6cCClhnYMR
        ...
        E+SWDGxtgwixyPziL56UavL/eeYJWeS/WqvGzZzsAtgSujFVLKWyUaRi0NvYW3h/
        I50Tzj0Pkm8GtgvP2UqAWvy+iRpeUQ2ji0Nc
        =j6+P
        -----END PGP PUBLIC KEY BLOCK-----
      ubuntu-fips: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----

        mQINBE+tgXgBEADfiL1KNFHT4H4Dw0OR9LemR8ebsFl+b9E44IpGhgWYDufj0gaM
        /UJ1Ti3bHfRT39VVZ6cv1P4mQy0bnAKFbYz/wo+GhzjBWtn6dThYv7n+KL8bptSC
        Xgg1a6en8dCCIA/pwtS2Ut/g4Eu6Z467dvYNlMgCqvg+prKIrXf5ibio48j3AFvd
        ...
        mguPI1KLfnVnXnsT5JYMbG2DCLHI/OIvnpRq8v955glZ5L9aq8bNnOwC2BK6MVUs
        pbJRpGLQ29hbeH8jnRPOPQ+Sbwa2C8/ZSoBa/L6JGl5RDaOLQ1w=
        =6Bkw
        -----END PGP PUBLIC KEY BLOCK-----
    @woky
    woky committed Oct 20, 2023
    Configuration menu
    Copy the full SHA
    56cb966 View commit details
    Browse the repository at this point in the history