Closed fenxiong closed 2 years ago
ecs anywhere install script has a requirement that dirmngr must be available on the instance https://github.com/aws/amazon-ecs-init/blame/master/scripts/ecs-anywhere-install.sh#L550 in order to check the ecs init package signature. This was originally added because it's needed in order to import gpg key from key server https://github.com/aws/amazon-ecs-init/pull/415. but then the dependency on gpg key server is removed https://github.com/aws/amazon-ecs-init/pull/418 and the dirmngr dependency doesn't seem necessary anymore. we need to verify if this dependency is indeed not needed now and remove the check if that's the case.
See above.
If dirmngr is not needed for checking the signature, script should check the signature even if dirmngr is not there.
script skipped checking package signature when dirmngr not available.
fixed in https://github.com/aws/amazon-ecs-init/pull/464
fenxiong
commented
2 years ago fenxiong
commented
2 years ago
Summary
ecs anywhere install script has a requirement that dirmngr must be available on the instance https://github.com/aws/amazon-ecs-init/blame/master/scripts/ecs-anywhere-install.sh#L550 in order to check the ecs init package signature. This was originally added because it's needed in order to import gpg key from key server https://github.com/aws/amazon-ecs-init/pull/415. but then the dependency on gpg key server is removed https://github.com/aws/amazon-ecs-init/pull/418 and the dirmngr dependency doesn't seem necessary anymore. we need to verify if this dependency is indeed not needed now and remove the check if that's the case.
Description
See above.
Expected Behavior
If dirmngr is not needed for checking the signature, script should check the signature even if dirmngr is not there.
Observed Behavior
script skipped checking package signature when dirmngr not available.
Environment Details
Supporting Log Snippets