-
Notifications
You must be signed in to change notification settings - Fork 538
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Riak RPMs not GPG signed [JIRA: RIAK-1647] #714
Comments
They never have been. Is this a new requirement?
|
Hey @gcymbalski, this request is a valid new feature for us. It's certainly a standard in our industry. Thanks @danieldreier for opening it up. Our infrastructure team is building some pretty big projects of late so this may take a little while to address just so you know. Cheers! 🙇 |
thanks @mjbrender |
Hey @danieldreier - I guess I need to follow up on this elsewhere. |
thanks @mjbrender - it's probably worth noting that packagecloud (which basho currently uses) can sign packages for you. I don't know what your build pipeline looks like but it should be relatively straightforward to enable that step. |
The Riak RPM in the packagecloud yum repository is not GPG signed, so installing it requires that GPG validation be disabled. In the docs for using the yum repo a GPG key is linked to ("gpgkey=https://packagecloud.io/gpg.key") but gpgcheck is disabled ("gpgcheck=0") and so that key will never be used.
I think that packagecloud can sign these for you.
The text was updated successfully, but these errors were encountered: