Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

promote securedrop-workstation-dom0-config 0.7.0 to prod #37

Merged
merged 1 commit into from
Jul 6, 2022
Merged

promote securedrop-workstation-dom0-config 0.7.0 to prod #37

merged 1 commit into from
Jul 6, 2022

Conversation

sssoleileraaa
Copy link
Contributor

Description

Promoting package on yum-test to prod (see freedomofpress/securedrop-yum-test#38).

Package being released: securedrop-workstation-dom0-config 0.7.0
Package tag: https://github.com/freedomofpress/securedrop-workstation/releases/tag/0.7.0
Build logs: (see freedomofpress/securedrop-yum-test#38)
Prod signing key used to sign package and tag: https://github.com/freedomofpress/securedrop-workstation-prod-rpm-packages-lfs/blob/HEAD/pubkeys/prod.key

Release tracking issue: #33

Checklist for PR owner

Checklist for reviewer

  • CI is passing
  • The RPM is signed with the prod signing key
    • Download the signed RPM from this PR
    • Run rpm -qi <signed-rpm> to get the KEY ID
    • Run gpg -k <KEY ID> to verify that it matches the prod signing key (make sure you have the prod signing key referenced in the PR description in your GPG keyring)
  • The Unsigned RPM checksum matches what's in the build logs (follow steps below on Debian Buster)
    • Download the signed RPM from this PR (if you haven't already)
    • Run rpm --delsign <signed-rpm> to remove the signature
    • Run sha256sum <unsigned-rpm> and compare

@sssoleileraaa sssoleileraaa marked this pull request as ready for review July 6, 2022 19:55
@sssoleileraaa sssoleileraaa marked this pull request as draft July 6, 2022 19:56
@sssoleileraaa sssoleileraaa marked this pull request as ready for review July 6, 2022 20:43
@rocodes
Copy link
Contributor

rocodes commented Jul 6, 2022

Checklist for reviewer

  • CI is passing
  • The RPM is signed with the prod signing key
    • Download the signed RPM from this PR
    • Run rpm -qi <signed-rpm> to get the KEY ID
    • Run gpg -k <KEY ID> to verify that it matches the prod signing key (make sure you have the prod signing key referenced in the PR description in your GPG keyring)
  • The Unsigned RPM checksum matches what's in the build logs (follow steps below on Debian Buster)
    • Download the signed RPM from this PR (if you haven't already)
    • Run rpm --delsign <signed-rpm> to remove the signature
    • Run sha256sum <unsigned-rpm> and compare

@rocodes rocodes self-requested a review July 6, 2022 21:34
rocodes
rocodes approved these changes Jul 6, 2022
View reviewed changes
Copy link
Contributor

@rocodes rocodes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Noticed a small date-formatting/creation issue in the build logs that has been fixed here: freedomofpress/securedrop-workstation#805, but as noted, fix can land in a subsequent release)

See my previous comment, test plan looks good, signing looks correct and artifact installs on 4.1.1 machine (currently staging artifact signed with test key).

Thanks Allie!

@rocodes rocodes merged commit b013887 into main Jul 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rocodes rocodes rocodes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sssoleileraaa @rocodes