You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Run gpg -k <KEY ID> to verify that it matches the test signing key (make sure you have the test signing key referenced in the PR description in your GPG keyring)
Notes: I installed this template manually by sticking it into dom0 and running sudo dnf install. I attempted to install via qvm-template install path/to/rpm, as the source code for that tool would seem to support, but encountered an error: ERROR: Signature Verification Failed: -: digests SIGNATURES NOT OK. [Edit for anyone trying to repro: I just realized maybe this is cause the signing key needs to also be in another directory besides /etc/pki/rpm-gpg/, istr keys in 2 locations in early 4.1 rcs. To revisit later.]
I had already verified in a fedora vm with the test key that the rpm was signed correctly and that the sha256sum of the file I was installing in dom0 matched the hash of the file in that vm, so I proceeded with the dnf install and it worked fine. Just a heads up to our future selves since I'm pretty sure dnf install (and dnf remove) are not recommended in 4.1.
Run gpg -k <KEY ID> to verify that it matches the test signing key (make sure you have the test signing key referenced in the PR description in your GPG keyring)
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
sssoleileraaa
changed the title
Note that I am using a similar PR structure as we are aiming to introduce in the prod lfs repo (see freedomofpress/securedrop-yum-prod#31)
Description
Package being released:
qubes-template-securedrop-workstationPackage tag: https://github.com/freedomofpress/qubes-template-securedrop-workstation/releases/tag/0.3.0
Build logs: freedomofpress/build-logs@cd13710 (note that I had to rebuild the template so it's easier to look at the files without the diff view: https://github.com/freedomofpress/build-logs/blob/cd137103c2af006692e7e65561473a49c706139e/workstation/qubes-template-securedrop-workstation-bullseye-4.0.6-202206302135/)
Test signing key used to sign package and tag: https://github.com/freedomofpress/securedrop-workstation-dev-rpm-packages-lfs/blob/HEAD/pubkeys/test.key
Release tracking issue: freedomofpress/securedrop-yum-prod#33
Checklist for PR owner
Checklist for reviewer
QA
Follow QA test plan in tracking issue