[MXS-2804] MaxScale RPMs should be signed with key that belongs to @mariadb.com Created: 2019-12-17 Updated: 2021-04-19 Resolved: 2020-08-27 |
|
| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | Packaging |
| Affects Version/s: | 2.4.4 |
| Fix Version/s: | 2.4.12, 2.5.3 |
| Type: | Task | Priority: | Major |
| Reporter: | Valerii Kravchuk | Assignee: | Timofey Turenko |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Environment: |
RHEL and other RPM-based distros |
||
| Sub-Tasks: |
|
|||||||||||||||
| Sprint: | MXS-SPRINT-97, MXS-SPRINT-98, MXS-SPRINT-99, MXS-SPRINT-100, MXS-SPRINT-113 |
| Description |
|
MaxScale RPMs are signed by a key belonging to maxscale@googlegroups.com. This may be a problem for the environments with strict rules for key management. Auditors may ask why a supported product is signed by a key that does not belong to the vendor. It makes sense to renew the key with an @mariadb.com one or release "Enterprise" MaxScale RPMs signed by one. |
| Comments |
| Comment by Timofey Turenko [ 2020-01-20 ] |
|
signing will be moved away from Maxscale builds itself to separate signing server, waiting for it |
| Comment by Timofey Turenko [ 2020-08-20 ] |
|
Maxscale repo creating refactoring is done, now we can sign it with different keys, but I need to put keys into mdbe-ci-repo.mariadb.net (repo server for Maxscale and other products CI) |
| Comment by Timofey Turenko [ 2020-08-24 ] |
|
first repo signed by enterprise key https://mdbe-ci-repo.mariadb.net/Maxscale/maxscale-2.4.12-release/ now testing it |