Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: download celestia-app-maintainers key in verify signature script #2665

Merged
merged 1 commit into from
Oct 15, 2023
Merged

fix: download celestia-app-maintainers key in verify signature script #2665

merged 1 commit into from
Oct 15, 2023

Conversation

rootulp
Copy link
Collaborator

@rootulp rootulp commented Oct 11, 2023

Closes #2664

Testing

On a Digital Ocean droplet that has no keys,

root@rootulp-quicksync:~# ./verify-signature.sh checksums.txt.sig checksums.txt
Downloading the celestia-app-maintainers public key...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   689  100   689    0     0   6270      0 --:--:-- --:--:-- --:--:--  6321
Importing celestia-app-maintainers.asc
gpg: key D469F859693DC3FA: public key "celestia-app-maintainers <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
Deleting celestia-app-maintainers.asc
Verifying the signature of checksums.txt.sig with checksums.txt
gpg: Signature made Tue Oct 10 13:25:06 2023 UTC
gpg:                using EDDSA key BF02F32CC36864560B90B764D469F859693DC3FA
gpg: Good signature from "celestia-app-maintainers <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: BF02 F32C C368 6456 0B90  B764 D469 F859 693D C3FA

@rootulp rootulp added the backport:v1.x PR will be backported automatically to the v1.x branch upon merging label Oct 11, 2023
@rootulp rootulp self-assigned this Oct 11, 2023
@celestia-bot celestia-bot requested a review from a team October 11, 2023 16:13
cmwaters
cmwaters approved these changes Oct 12, 2023
View reviewed changes
Copy link
Contributor

@cmwaters cmwaters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utAck

I have a mac that is not able to run the linux binary

@rootulp rootulp removed the backport:v1.x PR will be backported automatically to the v1.x branch upon merging label Oct 15, 2023
@rootulp
Copy link
Collaborator Author

rootulp commented Oct 15, 2023

It's not clear to me if we should backport this PR. I expect most users who use this script to land on it via the README.md link and both the README.md and the script will use the default branch (main) rather than a release branch so I think we don't need to backport.

@rootulp rootulp enabled auto-merge (squash) October 15, 2023 19:01
rach-id
rach-id approved these changes Oct 15, 2023
View reviewed changes
Copy link
Member

@rach-id rach-id left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utAck.

Left unblocking comment

README.md
gpg: using EDDSA key BF02F32CC36864560B90B764D469F859693DC3FA
gpg: Good signature from "celestia-app-maintainers <[email protected]>" [ultimate]
gpg: Good signature from "celestia-app-maintainers <[email protected]>" [unknown]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the [unknown]?
Also, is there a way for the signature to be trusted?

@rootulp rootulp merged commit 40385b9 into celestiaorg:main Oct 15, 2023
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cmwaters cmwaters cmwaters approved these changes

@rach-id rach-id rach-id approved these changes

@evan-forbes evan-forbes Awaiting requested review from evan-forbes

@staheri14 staheri14 Awaiting requested review from staheri14

Assignees

@rootulp rootulp

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

gpg: Can't check signature: No public key when using the verify signature script
3 participants
@rootulp @cmwaters @rach-id