Import Zcash developer public keys
* Changes method for setting trust level of GPG keys * Import keys but don't use Ansible git verify_commit Per an upstream Ansible bug, verifying signed tags is not supported yet. Also removes non-working scp.sh script. Updates README to explain how to run gverify. Changes zcash_version to v1.0.0-rc2
This commit is contained in:
parent
396899dcc3
commit
00e9d9d76f
|
@ -85,6 +85,8 @@ Generating and uploading signatures
|
|||
|
||||
After the build successfully completes, `gsign` will be called. Commit and push your signatures (both the .assert and .assert.sig files) to the [zcash/gitian.sigs](https://github.com/zcash/gitian.sigs) repository, or if that's not possible then create a pull request.
|
||||
|
||||
Signatures can be verified by running `gitian-build.sh --verify`, but set `build=false` in the script to skip building. Run a `git pull` beforehand on `gitian.sigs` so you have the latest. The provisioning includes a task which imports Zcash developer public keys to the Vagrant user's keyring and sets them to ultimately trusted, but they can also be found at `contrib/gitian-downloader` within the Zcash source repository.
|
||||
|
||||
Working with GPG and SSH
|
||||
--------------------------
|
||||
|
||||
|
@ -106,7 +108,7 @@ Vagrant synced folders may also work natively with `vboxfs` if you install Virtu
|
|||
Copying files
|
||||
-------------
|
||||
|
||||
You can use the provided script `scp.sh`. Another way to do it is with a plugin.
|
||||
The easiest way to do it is with a plugin.
|
||||
|
||||
vagrant plugin install vagrant-scp
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
hosts: localhost:zcash-build
|
||||
vars:
|
||||
zcash_git_repo_url: https://github.com/zcash/zcash
|
||||
zcash_version: v1.0.0-rc1
|
||||
zcash_version: v1.0.0-rc2
|
||||
gpg_key_name: ''
|
||||
git_name: ''
|
||||
git_email: ''
|
||||
|
|
|
@ -9,3 +9,16 @@ zcash_gitian_sigs_repo: https://github.com/zcash/gitian.sigs
|
|||
zcash_version: master
|
||||
gitian_host_ip: 10.0.2.15
|
||||
lxc_guest_ip: 10.0.3.5
|
||||
zcash_developer_pubkeys:
|
||||
- name: nathan
|
||||
id: ED417FBE79C99E8C
|
||||
- name: daira
|
||||
id: 067F492098CF2762
|
||||
- name: sean
|
||||
id: 95684257D8F8B031
|
||||
- name: jack
|
||||
id: 0EC51FCDA94FB53E
|
||||
- name: simon
|
||||
id: C8F49C081F3AC6C4
|
||||
- name: kevin
|
||||
id: B604C32AD5D7C6D8
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
- name: Download Zcash developer public keys from website.
|
||||
become: yes
|
||||
get_url:
|
||||
url: "https://z.cash/gpg-pubkeys/{{ item.name }}.asc"
|
||||
dest: "/tmp/{{ item.id }}.asc"
|
||||
owner: "{{ gitian_user }}"
|
||||
group: "{{ gitian_user }}"
|
||||
mode: "0644"
|
||||
with_items: "{{ zcash_developer_pubkeys }}"
|
||||
|
||||
- name: Import Zcash developer public keys.
|
||||
command: "gpg --import /tmp/{{ item.id }}.asc"
|
||||
become_user: "{{ gitian_user }}"
|
||||
with_items: "{{ zcash_developer_pubkeys }}"
|
||||
|
||||
- name: Set Zcash developer public keys to ultimately trusted.
|
||||
shell: >
|
||||
gpg --list-keys --with-colons --with-fingerprint `gpg --list-keys
|
||||
--with-colons | grep "pub:f:.*:-:" |
|
||||
sed -r -e 's/pub:f:[0-9]+:[0-9]+:([A-F0-9]+):.*/0x\1/'` | grep "^fpr:" |
|
||||
sed -r -e 's/fpr:::::::::([0-9A-F]+):/\1:6:/' | gpg --import-ownertrust
|
||||
become_user: "{{ gitian_user }}"
|
||||
args:
|
||||
executable: /bin/bash
|
|
@ -21,6 +21,7 @@
|
|||
- curl
|
||||
- debootstrap
|
||||
- git-core
|
||||
- gnupg2
|
||||
- kpartx
|
||||
- make
|
||||
- parted
|
||||
|
@ -128,6 +129,9 @@
|
|||
force: yes
|
||||
become_user: "{{ gitian_user }}"
|
||||
|
||||
- include: keys.yml
|
||||
tags: keys
|
||||
|
||||
- name: Clone git repository for Zcash.
|
||||
git:
|
||||
repo: "{{ zcash_git_repo_url }}"
|
||||
|
|
Loading…
Reference in New Issue