Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update signing key in dom0 #697

Closed
conorsch opened this issue May 13, 2021 · 1 comment · Fixed by #700
Closed

Update signing key in dom0 #697

conorsch opened this issue May 13, 2021 · 1 comment · Fixed by #700
Assignees
@eloquence

Comments

@conorsch
Copy link
Contributor

conorsch commented May 13, 2021
edited by eloquence
Loading

Towards freedomofpress/securedrop#5923. In order to rotate the SecureDrop Release Signing Key on the workstation, we must add the public key to both dom0 & sys-firewall, so that qubes-dom0-update will continue to verify packages such as qubes-template-securedrop-workstation-buster.

Separately, we'll need to add the pubkey to the Debian-based TemplateVMs. That's tracked in freedomofpress/securedrop-builder#249. This ticket tracks the dom0 changes, which will also require a bump or resign of the RPM packages shipped for dom0.
@conorsch conorsch mentioned this issue May 18, 2021
Merged
@eloquence
Copy link
Member

(I'll take a first stab at this tomorrow.)

@eloquence eloquence self-assigned this May 20, 2021
This was referenced May 20, 2021
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eloquence eloquence

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Switch to 2021 signing key; update tests freedomofpress/securedrop-workstation
2 participants
@eloquence @conorsch