Skip to content
This repository has been archived by the owner on Sep 4, 2021. It is now read-only.

kube-aws: installation instructions include GPG verification #361

Merged
merged 1 commit into from
Apr 4, 2016
Merged

kube-aws: installation instructions include GPG verification #361

merged 1 commit into from
Apr 4, 2016

Conversation

colhom
Copy link
Contributor

@colhom colhom commented Mar 29, 2016

Throwing binaries on S3 is not advisable when we also have the github release tarballs as well, so we won't be doing that anymore.

@colhom
Copy link
Contributor Author

colhom commented Mar 29, 2016

\cc @dghubble

dghubble
dghubble reviewed Mar 29, 2016
View reviewed changes
multi-node/aws/README.md
chmod +x kube-aws
# Add kube-aws binary to your PATH
#Verify GPG signature
gpg --default-key FC8A365E --verify kube-aws-${PLATFORM}-amd64.tar.gz.sig kube-aws-${PLATFORM}-amd64.tar.gz
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can drop the --default-key. gpg ignores it and just ensures the signature is valid. Also maybe use gpg2, but that's just my preference.

@dghubble
Copy link
Member

Otherwise, LGTM

@colhom colhom added this to the v.0.5.2 milestone Mar 29, 2016
@aaronlevy
Copy link
Contributor

lgtm.

/cc @joshix @robszumski for doc changes

robszumski
robszumski reviewed Mar 31, 2016
View reviewed changes
multi-node/aws/README.md

#Validate the key fingerprint
gpg2 --fingerprint FC8A365E
# Key fingerprint = 18AD 5014 C99E F7E3 BA5F 6CE9 50BD D3E0 FC8A 365E
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this the actual output? can we just show it?

$ gpg2 --keyserver pgp.mit.edu --recv-key FC8A365E
$ gpg2 --fingerprint FC8A365E
Key fingerprint = 18AD 5014 C99E F7E3 BA5F  6CE9 50BD D3E0 FC8A 365E

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The actual output is depends on their trust state and also lists subkeys (which will grow over time), so we've just been showing the primary key fingerprint in etcd release notes and coreos-baremetal, then linking to the full key.

gpg key fingerprint is: 18AD 5014 C99E F7E3 BA5F  6CE9 50BD D3E0 FC8A 365E

@colhom colhom force-pushed the gpg-verification branch 2 times, most recently from b4cf8ce to 8a290fb Compare April 1, 2016 23:01
@colhom
Copy link
Contributor Author

colhom commented Apr 1, 2016

@joshix @robszumski docs changes enacted. no more instructables in the sh blocks ;)

@joshix
Copy link
Contributor

joshix commented Apr 1, 2016

@colhom PTBF. If you want to get really fancy, add colons : at the ends of each line before the command block it introduces. But if not, we can iterate that later.

robszumski
robszumski reviewed Apr 2, 2016
View reviewed changes
multi-node/aws/README.md
gpg2 --verify kube-aws-${PLATFORM}.tar.gz.sig kube-aws-${PLATFORM}.tar.gz
```
Extract the binary
```sh
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add a newline before the code block, our markdown render chokes on this even though github doesn't

@colhom colhom force-pushed the gpg-verification branch 2 times, most recently from da6a11c to f80ecf3 Compare April 4, 2016 17:20
@colhom
kube-aws: installation instructions include GPG verification
f80ecf3 
Throwing binaries on S3 is not advisable when we also have the github release tarballs as well, so we won't be doing that anymore.
@colhom colhom merged commit 7b61e37 into coreos:master Apr 4, 2016
@colhom colhom deleted the gpg-verification branch April 4, 2016 17:33
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
kind/documentation reviewed/lgtm
Projects
None yet
Milestone
v.0.5.2
Development

Successfully merging this pull request may close these issues.
5 participants
@colhom @dghubble @aaronlevy @joshix @robszumski