kube-aws: installation instructions include GPG verification #361
\cc @dghubble
chmod +x kube-aws | ||
# Add kube-aws binary to your PATH | ||
#Verify GPG signature | ||
gpg --default-key FC8A365E --verify kube-aws-${PLATFORM}-amd64.tar.gz.sig kube-aws-${PLATFORM}-amd64.tar.gz |
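Review bot: the `#Verify GPG signature` step comes after `chmod +x kube-aws` and the PATH comment, so a reader working top to bottom has already unpacked the tarball and marked the binary executable before checking it. Move the `--verify` line ahead of the extraction and `chmod` steps so the signature check gates everything that touches the download.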
Can drop the --default-key. gpg ignores it and just ensures the signature is valid. Also maybe use gpg2, but that's just my preference.
Otherwise, LGTM
ed0eefe to d3e3758
lgtm. /cc @joshix @robszumski for doc changes
|
||
#Validate the key fingerprint | ||
gpg2 --fingerprint FC8A365E | ||
# Key fingerprint = 18AD 5014 C99E F7E3 BA5F 6CE9 50BD D3E0 FC8A 365E |
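Review bot: `gpg2 --fingerprint FC8A365E` selects the key by its 32-bit short ID, which is not unique, so the listing can include a different key that carries the same short ID. Pass the full fingerprint given in the comment line as the argument instead, and say explicitly that the reader must compare gpg's output with that published value rather than treat the comment as expected output to skim.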
is this the actual output? can we just show it?
$ gpg2 --keyserver pgp.mit.edu --recv-key FC8A365E
$ gpg2 --fingerprint FC8A365E
Key fingerprint = 18AD 5014 C99E F7E3 BA5F 6CE9 50BD D3E0 FC8A 365E
The actual output depends on their trust state and also lists subkeys (which will grow over time), so we've just been showing the primary key fingerprint in etcd release notes and coreos-baremetal, then linking to the full key.
gpg key fingerprint is: 18AD 5014 C99E F7E3 BA5F 6CE9 50BD D3E0 FC8A 365E
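The comment above notes that gpg's human-readable listing varies with trust state and subkeys while the primary key fingerprint stays fixed. An added example (not part of this PR or the kube-aws docs) that pins that fingerprint from gpg's `--with-colons` output; the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the primary-key fingerprint using gpg's machine-readable
# (--with-colons) listing instead of the human-readable one.

# Fingerprint quoted in this thread, with the spaces removed.
EXPECTED_FPR="18AD5014C99EF7E3BA5F6CE950BDD3E0FC8A365E"

# Read a --with-colons listing on stdin and print the primary key fingerprint
# of the first key listed. The "fpr" record that follows "pub" is the primary
# key's; "fpr" records after "sub" are subkeys. Field 10 holds the value.
primary_fpr() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; exit }
    '
}

# Succeed only if the listing on stdin carries exactly the pinned fingerprint.
fpr_matches() {
    got=$(primary_fpr)
    [ -n "$got" ] && [ "$got" = "$1" ]
}

# Constructed listing: validity, dates, uid and the subkey are made up.
sample_listing() {
    cat <<'EOF'
tru::1:1460000000:0:3:1:5
pub:-:4096:1:50BDD3E0FC8A365E:1378000000:::-:::scESC:
fpr:::::::::18AD5014C99EF7E3BA5F6CE950BDD3E0FC8A365E:
uid:-::::1378000000::::Example Signing Key <key@example.invalid>:
sub:-:4096:1:AAAAAAAAAAAAAAAA:1440000000::::::s:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
EOF
}

# Constructed listing for a different key that shares the short ID FC8A365E.
lookalike_listing() {
    cat <<'EOF'
pub:-:2048:1:CCDDEEFFFC8A365E:1400000000:::-:::scESC:
fpr:::::::::00112233445566778899AABBCCDDEEFFFC8A365E:
uid:-::::1400000000::::Example Signing Key <key@example.invalid>:
EOF
}

# Against a real keyring (not run here):
#   gpg2 --with-colons --fingerprint "$EXPECTED_FPR" | fpr_matches "$EXPECTED_FPR"
```

The subkey `fpr` record and the validity field can change without affecting the result; only the record directly after `pub` is compared.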
b4cf8ce to 8a290fb
@joshix @robszumski docs changes enacted. no more instructables in the sh blocks ;)
@colhom PTBF. If you want to get really fancy, add colons
gpg2 --verify kube-aws-${PLATFORM}.tar.gz.sig kube-aws-${PLATFORM}.tar.gz | ||
``` | ||
Extract the binary | ||
```sh |
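Review bot: the `gpg2 --verify` line is followed directly by "Extract the binary" with nothing telling the reader what a passing check looks like or that a failing one means stop. Add a sentence between the two blocks stating that extraction should proceed only if gpg reports a good signature from the key whose fingerprint is published in these instructions.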
add a newline before the code block, our markdown render chokes on this even though github doesn't
da6a11c to f80ecf3
Throwing binaries on S3 is not advisable when we also have the github release tarballs as well, so we won't be doing that anymore.