Chiebot-Mirror
/
tini
mirror of https://github.com/krallin/tini.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Replace GPG key short id for full fingerprint (#48)

Browse Source 
Prevent dead beef attack
pull/54/merge
Jorge Marin 9 years ago committed by Thomas Orozco
parent b4824de6ca
commit df9dbc1055
3 changed files with 7 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      README.md
  2. 4
      ci/run_build.sh
  3. 4
      tpl/README.md.in

4
README.md
Unescape View File

@ -58,7 +58,7 @@ Arguments for Tini itself should be passed like `-v` in the following example:
### Signed binaries ###
The `tini` and `tini-static` binaries are signed using the key `0527A9B7`.
The `tini` and `tini-static` binaries are signed using the key `595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7`.
You can verify their signatures using `gpg` (which you may install using
your package manager):
@ -66,7 +66,7 @@ your package manager):
ENV TINI_VERSION v0.10.0
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /tini.asc
RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 0527A9B7 \
RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
&& gpg --verify /tini.asc

4
ci/run_build.sh
Unescape View File

@ -117,11 +117,13 @@ if [[ -n "$GPG_PASSPHRASE" ]] && [[ -f "${SOURCE_DIR}/sign.key" ]]; then
echo "Signing binaries"
GPG_SIGN_HOMEDIR="${BUILD_DIR}/gpg-sign"
GPG_VERIFY_HOMEDIR="${BUILD_DIR}/gpg-verify"
PGP_KEY_FINGERPRINT="595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7"
PGP_KEYSERVER="ha.pool.sks-keyservers.net"
mkdir "${GPG_SIGN_HOMEDIR}" "${GPG_VERIFY_HOMEDIR}"
chmod 700 "${GPG_SIGN_HOMEDIR}" "${GPG_VERIFY_HOMEDIR}"
gpg --homedir "${GPG_SIGN_HOMEDIR}" --import "${SOURCE_DIR}/sign.key"
gpg --homedir "${GPG_VERIFY_HOMEDIR}" --keyserver ha.pool.sks-keyservers.net --recv-keys 0527A9B7
gpg --homedir "${GPG_VERIFY_HOMEDIR}" --keyserver "$PGP_KEYSERVER" --recv-keys "$PGP_KEY_FINGERPRINT"
for tini in "${DIST_DIR}/tini" "${DIST_DIR}/tini-static"; do
echo "${GPG_PASSPHRASE}" | gpg --homedir "${GPG_SIGN_HOMEDIR}" --passphrase-fd 0 --armor --detach-sign "${tini}"

4
tpl/README.md.in
Unescape View File

@ -58,7 +58,7 @@ Arguments for Tini itself should be passed like `-v` in the following example:
### Signed binaries ###
The `tini` and `tini-static` binaries are signed using the key `0527A9B7`.
The `tini` and `tini-static` binaries are signed using the key `595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7`.
You can verify their signatures using `gpg` (which you may install using
your package manager):
@ -66,7 +66,7 @@ your package manager):
ENV TINI_VERSION v@tini_VERSION_MAJOR@.@tini_VERSION_MINOR@.@tini_VERSION_PATCH@
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /tini.asc
RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 0527A9B7 \
RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
&& gpg --verify /tini.asc

Write Preview
Loading…
Cancel
Save