Closed woky closed 9 months ago
The tests are failing because we are missing the keys in the chisel-releases' chisel.yaml file right?
Indeed. I've split the commit that adds signature verification into #102. That way, this PR can be merged with CI checks passed. Then, after keyrings are merged into chisel-releases (see the PRs), #102 can be merged.
Support OpenPGP keyrings in release
This commit extends the chisel release with keyring definitions. Keyrings are defined in ASCII armored format in the top-level public-keys property by name. Keyrings are referenced by name in the public-keys list property in archive definitions. An example of the extended chisel release file is at the bottom.
This commit uses the newly added github.com/ProtonMail/go-crypto/openpgp package dependency[1]. This package is a maintained fork of the deprecated golang.org/x/crypto/openpgp package[2][3].
[1] https://github.com/ProtonMail/go-crypto [2] https://pkg.go.dev/golang.org/x/crypto/openpgp [3] https://golang.org/issue/44226
Example chisel.yaml: