[RPM M2] The signing workflow should have a function to sign the RPM package with OpenSearch Project PGP key
peterzhuamazon opened this issue · 2 comments
peterzhuamazon commented
| Tasks | Estimate | Status | Notes | Dependencies |
|---|---|---|---|---|
| Just like the build and the assemble workflow, we need to add a “--distribution” parameter so that the signing workflow can use rpm toolkit to sign RPM packages | 3 | Not Started | ||
| Add the rpm toolkit call for RPM package to OpenSearch Signer Client, as it is the backend for signing workflow to function correctly | 5+ | Not Started | This requires the internal signer client to be updated to support such feature | OpenSearch Signer Client UpdatesAssemble workflow must complete all the changes |
| Create checksum after signing is completed to ensure the integrity of the package | 2 | Not Started |
- Update 20220502:
- We also need to get staging signed as well, as our promotion workflow will pull from staging and push to production bucket.
peterzhuamazon commented
We are going to manually sign the rpms and yum repo for now.
peterzhuamazon commented
Temp method: