Closed bLuka closed 6 years ago
Also, please notice this makes the actual README obsolete.
Yep, we have a bunch of jobs dying on our CI/CD cluster 😬
I'm going to be updating our jobs with https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
thanks to @bLuka
Also curious why it was removed just now, and if we could get the README updated if this change is going to stick around?
Maybe it would be best to revert this change, mark as deprecated, and allow systems such as the aforementioned Gitlab Auto-DevOps time to update?
👋 Apologies for the CI burps and interruptions to anyone affected by this change. I removed the public key from this repository due to the potential attack vector. It's not a good idea to keep the verification keys in the same place as the code being signed.
The GitLab CI template referenced is really out of date – it references glibc
v2.23, which is over 2.5 years old.
📝 Submitted https://gitlab.com/gitlab-org/gitlab-ci-yml/merge_requests/185 to fix the "Auto DevOps" pipeline.
please notice this makes the actual README obsolete.
could get the README updated
Please note that the README was also updated in #88 to reference the new location of the public signing key. I'm sorry for anyone affected by this change – I'll update the README shortly to emphasise this change and the change required for anyone else affected.
It seems the latest pull request (#88) broke the Gitlab Auto-DevOps template among other Alpine scripts :smile:
If anyone come through this, the only need is to replace
https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub
in scripts byhttps://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
(as in 84c5fba3bcee1bbe9bda7298d7685d377235fe3d).Otherwise, you could also reference the file in its latest available version in the repository, from the commit reference :
https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/0a4a98ae663a4aaa89bf010289a14d98950666bf/sgerrand.rsa.pub
@sgerrand Is it worth removing the public key from here given the cross-compatibilities issues it involves?