Sign Packages (!1771) · Merge requests · GitLab.org / omnibus-gitlab · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

Jason Plum requested to merge sign-packages-deb into master Jul 19, 2017

Update https://gitlab.com/gitlab-org/omnibus-gitlab now that we have merged https://gitlab.com/gitlab-org/omnibus/merge_requests/7

This adds:

Signing of RPMs (rpm --addsign)
Signing of DEBs (debsigs format)
Necessary changes to get the GnuPG keys in place for signing.

Relations:

Related to https://gitlab.com/gitlab-org/omnibus-gitlab/issues/2537
Related to https://gitlab.com/gitlab-org/omnibus-gitlab/issues/1054
Replaces https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/922
Replaces https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/1718
Replaces https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/1752
Implements https://gitlab.com/gitlab-org/omnibus/merge_requests/7

TODO

Merge this
Implement new keypair
- Generate new keypair
- Upload to appropriate bucket
- Change/add values for GPG_PASSPHRASE and SECRET_AWS_*
- Upload pubkeys to PackageCloud repositories
- Write documentation for users to enable the checking of package signatures
Activate in production branches

Edited Aug 08, 2017 by Jason Plum