Page MenuHomePhabricator

Nightly builds are not signed
Open, LowPublicBUG

Description

signature file seems to be missing on the server side.

vyos@wg01:~$ add system image https://downloads.vyos.io/rolling/current/amd64/vyos-1.2.0-rolling%2B201808181101-amd64.iso
Trying to fetch ISO file from https://downloads.vyos.io/rolling/current/amd64/vyos-1.2.0-rolling%2B201808181101-amd64.iso

% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                               Dload  Upload   Total   Spent    Left  Speed

100 354M 100 354M 0 0 1633k 0 0:03:41 0:03:41 --:--:-- 2082k
ISO download succeeded.
Checking for digital signature file...

% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                               Dload  Upload   Total   Spent    Left  Speed
0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (22) The requested URL returned error: 404 Not Found

Unable to fetch digital signature file.
Do you want to continue without signature check? (yes/no) [yes]

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close

Event Timeline

hagbard created this task.Aug 18 2018, 4:47 PM
hagbard created this object in space S1 VyOS Public.
hagbard changed Version from vyos-1.2.0-rolling-xxxx to -.
syncer triaged this task as Low priority.Sep 1 2018, 2:45 PM
syncer changed the subtype of this task from "Task" to "Bug".Oct 20 2018, 4:51 AM
syncer changed the visibility from "Subscribers" to "Public (No Login Required)".Oct 20 2018, 4:52 AM
syncer added subscribers: Maintainers, Core Community.

Nightly builds are not signed... for better or worse. It wouldn't be too hard to automatically sign them with the development key, but should we?

dmbaturin renamed this task from add system image signature issue to Nightly builds are not signed.Oct 21 2018, 5:28 PM
c-po added a subscriber: c-po.Oct 21 2018, 5:54 PM

If we can ensure that the key is stored somewhere halfway secure (Jenkins Keystore) it would be okay.

pasik added a subscriber: pasik.Mar 12 2019, 6:10 PM