Sign Packages

Update https://gitlab.com/gitlab-org/omnibus-gitlab now that we have merged https://gitlab.com/gitlab-org/omnibus/merge_requests/7

This adds:

• Signing of RPMs (rpm --addsign)
• Signing of DEBs (debsigs format)
• Necessary changes to get the GnuPG keys in place for signing.

Relations:

• Related to https://gitlab.com/gitlab-org/omnibus-gitlab/issues/2537
• Related to https://gitlab.com/gitlab-org/omnibus-gitlab/issues/1054
• Replaces https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/922
• Replaces https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/1718
• Replaces https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/1752
• Implements https://gitlab.com/gitlab-org/omnibus/merge_requests/7

TODO

• Merge this
• Implement new keypair
  • Generate new keypair
  • Upload to appropriate bucket
  • Change/add values for GPG_PASSPHRASE and SECRET_AWS_*
  • Upload pubkeys to PackageCloud repositories
  • Write documentation for users to enable the checking of package signatures
• Activate in production branches

rubocop stage seems to be failing because it can't properly handle the commit sha for omnibus?

(because it needed to be pushed/sync'd to dev)

approved this merge request

assigned to @marin

changed milestone to %9.5

merged

mentioned in commit 1b687a4c

mentioned in merge request !922 (closed)

marked the checklist item Merge this as completed

marked the checklist item Write documentation for users to enable the checking of package signatures as completed

marked the checklist item Generate new keypair as completed

marked the checklist item Change/add values for GPG_PASSPHRASE and SECRET_AWS_* as completed

marked the checklist item Upload to appropriate bucket as completed

marked the checklist item Activate in production branches as completed

marked the checklist item Implement new keypair as completed

marked the checklist item Upload pubkeys to PackageCloud repositories as completed

mentioned in issue #2537 (closed)