Open g-k opened 3 years ago
Currently, the monitor skips verifying signatures from signers with type pgp, gpg2, and apk2, because it probably requires shelling out to gpg or apksigner.
gpg
apksigner
https://github.com/mozilla-services/autograph/blob/master/tools/autograph-monitor/monitor.go#L180 https://github.com/mozilla-services/autograph/blob/master/tools/autograph-monitor/monitor.go#L180
After containerizing the monitor lambda we could:
See also https://github.com/mozilla-services/cloudops-deployment/pull/4236#issuecomment-846014573 (private link)
Currently, the monitor skips verifying signatures from signers with type pgp, gpg2, and apk2, because it probably requires shelling out to
gpg
orapksigner
.https://github.com/mozilla-services/autograph/blob/master/tools/autograph-monitor/monitor.go#L180 https://github.com/mozilla-services/autograph/blob/master/tools/autograph-monitor/monitor.go#L180
After containerizing the monitor lambda we could: