Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-3277

Migrate development rpm signatures to non-EOL server PGP key

    • Type: Icon: Task Task
    • Resolution: Gone away
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: None
    • None

      We noticed that some of the mongodb-database-tools rpms are being signed by the server-4.0 PGP key when you’re submitting them to the development repos via Barque. We’re doing some cleanup on old keys laying around in preparation for migrating off of the Notary service and are wondering if it’s possible to move those Evergreen tasks to use a non-EOL server key, either 7.0 or 6.0 probably makes the most sense for now. The server-4.0 key shouldn’t be used anymore and we are hoping to not have to migrate it to our new signing platform.

      To do this, we need to update release/release.go so that for unstable releases we set the LinuxRepo.notaryKeyName to "server-6.0" and LinuxRepo.notaryToken to os.Getenv("NOTARY_TOKEN_6_0"). Right now we're not setting this to anything and Barque defaults to using "server-4.0" as the notary key name.

      It probably also makes sense to update the LinuxRepo.mongoVersionNumber to use a 6.x (fake) version for clarity.

            Assignee:
            Unassigned Unassigned
            Reporter:
            dylan.richardson@mongodb.com Dylan Richardson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: