github-personal/matchbox
1
0
Fork 0
mirror of https://github.com/outbackdingo/matchbox.git synced 2026-01-27 10:19:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update Matchbox release signing process

Browse Source 
* Matchbox releases will be signed by my GPG key,
like other projects in the poseidon org
This commit is contained in:
Dalton Hubble
2019-05-07 00:02:22 -07:00
parent cefa31c8e4
commit e1d2d8fcc9
3 changed files with 10 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES.md
View File

@@ -12,6 +12,8 @@ Notable changes between releases.
* Validate raw Ignition configs with the v2.2 spec (warn-only)
* Fix warnings that v2.2 configs are too new
Note: Release signing key [has changed](https://github.com/poseidon/matchbox/blob/v0.8.0/Documentation/deployment.md) with the project move.
### Examples
* Update Kubernetes example clusters to v1.14.1 (Terraform-based)

19
Documentation/deployment.md
View File

@@ -24,12 +24,12 @@ $ wget https://github.com/poseidon/matchbox/releases/download/v0.7.1/matchbox-v0
$ wget https://github.com/poseidon/matchbox/releases/download/v0.7.1/matchbox-v0.7.1-linux-amd64.tar.gz.asc
```
Verify the release has been signed by the [CoreOS App Signing Key](https://coreos.com/security/app-signing-key/).
Verify the release has been signed by Dalton Hubble's [GPG Key 8F515AD1602065C8](https://keyserver.ubuntu.com/pks/lookup?search=0x8F515AD1602065C8&op=vindex).
```sh
$ gpg --keyserver pgp.mit.edu --recv-key 18AD5014C99EF7E3BA5F6CE950BDD3E0FC8A365E
$ gpg --keyserver keyserver.ubuntu.com --recv-key 8F515AD1602065C8
$ gpg --verify matchbox-v0.7.1-linux-amd64.tar.gz.asc matchbox-v0.7.1-linux-amd64.tar.gz
# gpg: Good signature from "CoreOS Application Signing Key <security@coreos.com>"
gpg: Good signature from "Dalton Hubble <dghubble@gmail.com>"
```
Untar the release.
@@ -260,19 +260,6 @@ Review [network setup](https://github.com/poseidon/matchbox/blob/master/Document
CoreOS provides [dnsmasq](https://github.com/poseidon/matchbox/tree/master/contrib/dnsmasq) as `quay.io/coreos/dnsmasq`, if you wish to use rkt or Docker.
## rkt
Run the container image with rkt.
latest or most recent tagged `matchbox` [release](https://github.com/poseidon/matchbox/releases) ACI. Trust the [CoreOS App Signing Key](https://coreos.com/security/app-signing-key/) for image signature verification.
```sh
$ mkdir -p /var/lib/matchbox/assets
$ sudo rkt run --net=host --mount volume=data,target=/var/lib/matchbox --volume data,kind=host,source=/var/lib/matchbox quay.io/poseidon/matchbox:latest --mount volume=config,target=/etc/matchbox --volume config,kind=host,source=/etc/matchbox,readOnly=true -- -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug
```
Create machine profiles, groups, or Ignition configs by adding files to `/var/lib/matchbox`.
## Docker
Run the container image with docker.

10
Documentation/dev/release.md
View File

@@ -50,14 +50,14 @@ Verify the reported version.
## Signing
Sign the release tarballs with a [CoreOS App Signing Key](https://coreos.com/security/app-signing-key/) subkey.
Release tarballs are signed by Dalton Hubble's [GPG Key 8F515AD1602065C8](https://keyserver.ubuntu.com/pks/lookup?search=0x8F515AD1602065C8&op=vindex)
```sh
cd _output
gpg2 --armor --local-user A6F71EE5BEDDBA18! --detach-sign matchbox-$VERSION-linux-amd64.tar.gz
gpg2 --armor --local-user A6F71EE5BEDDBA18! --detach-sign matchbox-$VERSION-darwin-amd64.tar.gz
gpg2 --armor --local-user A6F71EE5BEDDBA18! --detach-sign matchbox-$VERSION-linux-arm.tar.gz
gpg2 --armor --local-user A6F71EE5BEDDBA18! --detach-sign matchbox-$VERSION-linux-arm64.tar.gz
gpg2 --armor --detach-sign matchbox-$VERSION-linux-amd64.tar.gz
gpg2 --armor --detach-sign matchbox-$VERSION-darwin-amd64.tar.gz
gpg2 --armor --detach-sign matchbox-$VERSION-linux-arm.tar.gz
gpg2 --armor --detach-sign matchbox-$VERSION-linux-arm64.tar.gz
```
Verify the signatures.