Project

General

Profile

Bug #11828

Document how we manage the Jenkins' artifact signing key used by isobuilders

Added by intrigeri almost 3 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Continuous Integration
Target version:
Start date:
09/23/2016
Due date:
% Done:

100%

Feature Branch:
Type of work:
Contributors documentation
Blueprint:
Starter:
Affected tool:

Description

That key expired yesterday, and I could not find any place where we document how to distribute that key, let alone manage it with Puppet. So it seems that I'll have to distribute the updated key by hand. IMO we should do the documentation part now, and file a ticket wrt. managing it with Puppet some day.

Associated revisions

Revision 4192f55a (diff)
Added by intrigeri over 2 years ago

Document tails_secrets_* Puppet modules wherever they're used (Closes: #11828).

History

#3 Updated by anonym over 2 years ago

  • Target version changed from Tails_2.9.1 to Tails 2.10

#4 Updated by intrigeri over 2 years ago

  • Target version changed from Tails 2.10 to Tails_2.11

#5 Updated by bertagaz over 2 years ago

  • Assignee changed from bertagaz to intrigeri
  • QA Check set to Info Needed

intrigeri wrote:

That key expired yesterday, and I could not find any place where we document how to distribute that key, let alone manage it with Puppet. So it seems that I'll have to distribute the updated key by hand. IMO we should do the documentation part now, and file a ticket wrt. managing it with Puppet some day.

That's actually what the tails_secret_jenkins puppet module is taking care of. I've imported the updated key there. Shall this still be documented somewhere?

#6 Updated by intrigeri over 2 years ago

  • Assignee changed from intrigeri to bertagaz
  • QA Check changed from Info Needed to Dev Needed

Shall this still be documented somewhere?

Given I was not able to find out myself: yes, please :)

#7 Updated by bertagaz over 2 years ago

  • Status changed from Confirmed to In Progress
  • Assignee changed from bertagaz to intrigeri
  • % Done changed from 0 to 50
  • QA Check changed from Dev Needed to Ready for QA

intrigeri wrote:

Given I was not able to find out myself: yes, please :)

Well, you did the exact same thing to handle the reprepro signing key. But I've pushed a new file in the sysadmin Git repo anyway, if you want to have a look.

#8 Updated by intrigeri over 2 years ago

Well, you did the exact same thing to handle the reprepro signing key.

That's entirely irrelevant here so I won't argue about it.

#9 Updated by intrigeri over 2 years ago

  • Subject changed from Better manage Jenkins' artifact signing key used by isobuilders to Document how we manage the Jenkins' artifact signing key used by isobuilders

#10 Updated by intrigeri over 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 50 to 100

#11 Updated by intrigeri over 2 years ago

  • Assignee deleted (intrigeri)
  • QA Check changed from Ready for QA to Pass

bertagaz wrote:

But I've pushed a new file in the sysadmin Git repo anyway, if you want to have a look.

Thanks! I've moved the relevant (i.e. non-trivial and non-obvious) bits of it to our public services config doc, as I see no reason to pretend this is secret, even more so after we've explained at length how it's done on this very (public) ticket.

We can now move on to funnier stuff :)

Also available in: Atom PDF