feat: sign with cosign checksums for release #520

Merged: talos-bot merged 1 commit into siderolabs:main from BobyMCbobs:sign-checksum-files on Jul 2, 2025
BobyMCbobs commented May 22, 2025

Contributor

produce signatures for verifying checksums to allow verifying against tampering.

fixes: #519

Will sign blob with

@github-project-automation github-project-automation Bot moved this to To Do in Planning May 22, 2025
@talos-bot talos-bot moved this from To Do to In Review in Planning May 22, 2025
@BobyMCbobs

Contributor Author

Alternatively, the process of signing and producing the checksum signature files can be performed in the same way container images are signed and will have the same signature verification, but signatures will need to be uploaded manually.

Comment thread internal/project/common/gh_workflow.go
Comment thread internal/project/common/gh_workflow.go Outdated
@frezbo frezbo force-pushed the sign-checksum-files branch 2 times, most recently from a45397c to d94ad86 Compare July 1, 2025 17:43
@github-project-automation github-project-automation Bot moved this from In Review to Approved in Planning Jul 1, 2025

@smira smira left a comment

Member

enable it for kres itself and make a release?

frezbo commented Jul 2, 2025

Member

> enable it for kres itself and make a release?

I was not sure if we wanted it for kres; I can do that.

@frezbo frezbo force-pushed the sign-checksum-files branch 2 times, most recently from ec9753b to 43deb91 Compare July 2, 2025 13:08
produce signatures for verifying checksums

Signed-off-by: Caleb Woodbine <caleb.woodbine@siderolabs.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
@frezbo frezbo force-pushed the sign-checksum-files branch from 43deb91 to 880678f Compare July 2, 2025 13:16

frezbo commented Jul 2, 2025

Member

/m

@talos-bot talos-bot merged commit 880678f into siderolabs:main Jul 2, 2025
14 checks passed
@github-project-automation github-project-automation Bot moved this from Approved to Done in Planning Jul 2, 2025

Development

Successfully merging this pull request may close these issues.

Sign checksums with cosign

4 participants