Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backports #5930 to 1.8.2 release branch and updates to RC2 #5936

Merged
merged 3 commits into from May 11, 2021
Merged

backports #5930 to 1.8.2 release branch and updates to RC2 #5936

merged 3 commits into from May 11, 2021

Conversation

zenmonkeykstop
Copy link
Contributor

Status

Ready for review

Description of Changes

Towards #5929 - backports pubkey addition from #5930, bumps version to 1.8.2-rc2

Testing

Conor Schaefer and others added 3 commits May 11, 2021 13:52
@zenmonkeykstop
Adds new pubkey for Release Signing Key
82158f3 
Bumps the version of the `securedrop-keyring` package, preserving the
old/current release signing key, but adding a new pubkey.

  * Old/current fingerprint: 22245C81E3BAEB4138B36061310F561200F4AD77
  * New/next fingerprint: 2359E6538C0613E652955E6C188EDD3B7B22E6A3

This this is a soft rotation, we'll make sure that all instances have
the new key first, then later remove reference to the old key.

As with previous updates, here's the command I used to import the new
key into the keyring:

    gpg --no-default-keyring --keyring \
    install_files/securedrop-keyring/etc/apt/trusted.gpg.d/securedrop-keyring.gpg \
    --import \
    install_files/ansible-base/roles/install-fpf-repo/files/fpf-signing-key-2021.pub

Note the tweak to the target file to import, i.e. the "2021" suffix.

(cherry picked from commit c1cf240)
@zenmonkeykstop
Adds new signing key to GUI updater logic
e54b39f 
We still need to support both keys, during the transition period. Let's
make sure that the new key is added, and a signature from either is
considered valid.

(cherry picked from commit dd84f81)
@zenmonkeykstop
SecureDrop 1.8.2-rc2
4fafece
@zenmonkeykstop zenmonkeykstop added this to Ready for Review in SecureDrop Team Board May 11, 2021
@conorsch
Copy link
Contributor

CI is failing on the safety check. Looks like that's because #5888 is still missing from the point release, so that's as expected. OK to override for merge and press on with rc2.

@conorsch
Copy link
Contributor

OK, CI is also failing for deb-tests-focal, signalling that we should update the build container. We'll certainly do that for 1.8.2 final, but not necessary for 1.8.2~rc2, which is what we're working toward now. Proceeding with merge.

@conorsch conorsch merged commit 9157810 into release/1.8.2 May 11, 2021
SecureDrop Team Board automation moved this from Ready for Review to Done May 11, 2021
@rmol rmol deleted the update-1.8.2-with-key branch June 23, 2021 13:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@conorsch conorsch conorsch approved these changes

@emkll emkll Awaiting requested review from emkll

@kushaldas kushaldas Awaiting requested review from kushaldas kushaldas is a code owner

@redshiftzero redshiftzero Awaiting requested review from redshiftzero

Assignees
No one assigned
Labels
None yet
Projects
No open projects
SecureDrop Team Board
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@zenmonkeykstop @conorsch