mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2025-01-05 10:34:10 +01:00
ecb032c53b
The key is used for signing the releases, so the users can be sure the images on the mirrors haven't been modified. arch-boxes has been tweaked to use the key in this MR[1]. [1] https://gitlab.archlinux.org/archlinux/arch-boxes/-/merge_requests/176
Keys
This directory contains the GPG master and signing keys used by the following projects:
- Renovate for signing commits
- arch-boxes for signing releases
The Renovate keys were generated with the following commands:
$ export GNUPGHOME="$(mktemp -d)"
$ gpg --quick-generate-key 'renovate <renovate@archlinux.org>' rsa4096 cert never
$ key_id="$(gpg --with-colons --list-keys renovate@archlinux.org | awk -F : '$1 == "fpr" {print $10;exit}')"
$ gpg --quick-add-key "${key_id}" rsa4096 sign 5y
$ gpg --armor --export-secret-keys "${key_id}"
$ gpg --armor --export-secret-subkeys "${key_id}"
$ rm -r "${GNUPGHOME}"
The arch-boxes keys were generated with the following commands:
$ export GNUPGHOME="$(mktemp -d)"
$ gpg --quick-generate-key 'arch-boxes <arch-boxes@archlinux.org>' ed25519 cert never
$ key_id="$(gpg --with-colons --list-keys arch-boxes@archlinux.org | awk -F : '$1 == "fpr" {print $10;exit}')"
$ gpg --quick-add-key "${key_id}" ed25519 sign 5y
$ gpg --armor --export-secret-keys "${key_id}"
$ gpg --armor --export-secret-subkeys "${key_id}"
$ rm -r "${GNUPGHOME}"
The exported signing keys have been added as GitLab CI/CD variables to the projects. The master keys and a copy of the signing keys are stored in the renovate.asc and arch-boxes.asc files.
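A check that could be run before storing the `--export-secret-subkeys` output as a CI/CD variable, given here as an added example that is not part of the Arch Linux repository: it reads a `gpg --list-secret-keys --with-colons` listing from a keyring holding only that export and accepts it only if the master secret key is a stub and the only secret material is an expiring signing subkey. The function name, the policy it enforces and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the repository).
# Real use: import the subkey-only export into a throwaway GNUPGHOME, then
#   gpg --list-secret-keys --with-colons | audit_ci_keyring
# Colon format: field 1 = record type, 5 = key ID, 7 = expiry,
# 12 = capabilities, 15 = "#" for a secret-key stub, "+" if the secret is present.
audit_ci_keyring() {
    awk -F : '
        $1 == "sec" {
            primaries++
            if ($15 != "#") { print "FAIL: master secret key present: " $5; bad = 1 }
        }
        $1 == "ssb" && $15 == "+" {
            if ($12 !~ /s/)    { print "FAIL: non-signing secret subkey: " $5; bad = 1 }
            else if ($7 == "") { print "FAIL: signing subkey never expires: " $5; bad = 1 }
            else signers++
        }
        END {
            if (!primaries) { print "FAIL: no secret key records"; bad = 1 }
            if (!signers)   { print "FAIL: no usable signing subkey"; bad = 1 }
            if (!bad) print "OK: stubbed master, " signers " signing subkey(s)"
            exit (bad ? 1 : 0)
        }'
}

# Constructed listings: key IDs, uid and timestamps are placeholders.
# SUBKEY_ONLY models a keyring that imported --export-secret-subkeys output.
SUBKEY_ONLY='sec:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::cSC:::#::ed25519:::0:
uid:u::::1700000000::0000000000000000000000000000000000000000::ci-signer <ci@example.org>::::::::::0:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1700000000:1857680000:::::s:::+::ed25519::'

# FULL_EXPORT models the mistake of importing --export-secret-keys output:
# the primary key record carries "+" (secret present) instead of "#".
FULL_EXPORT=$(printf '%s\n' "$SUBKEY_ONLY" | sed 's/:#::ed25519/:+::ed25519/')

printf '%s\n' "$SUBKEY_ONLY" | audit_ci_keyring
printf '%s\n' "$FULL_EXPORT" | audit_ci_keyring || echo "rejected, as expected"
```

The same distinction is visible in the human-readable listing, where a stubbed master key is shown as `sec#`.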