Skip to content

add --force option to recreate apk indexes with given signatures #626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 22, 2023
Merged

add --force option to recreate apk indexes with given signatures #626

merged 1 commit into from
Aug 22, 2023

Conversation

joshrwolf
Copy link
Contributor

adds an opt in --force to melange sign-index that when provided, will create a new apk index with the provided key file, regardless of any existing signatures.

➜ curl -sfL https://packages.wolfi.dev/os/aarch64/APKINDEX.tar.gz -o idx
                                                                                                                                                                                                                                                                                                           
➜ tar tvf idx
-rw-r--r--  0 root   root      512 Dec 31  1969 .SIGN.RSA.wolfi-signing.rsa.pub
-rw-r--r--  0 0      0     3822057 Dec 31  1969 APKINDEX
-rw-r--r--  0 0      0           0 Dec 31  1969 DESCRIPTION
                                                                                                                                                                                                                                                                                                           
➜ melange sign-index --signing-key something-else.rsa idx -f
ℹ            | signing index /var/folders/5v/6gvb9x954sbd9tmqq14cwgrh0000gn/T/melange-sign-index2134875588 with key something-else.rsa
ℹ            | appending signature to index /var/folders/5v/6gvb9x954sbd9tmqq14cwgrh0000gn/T/melange-sign-index2134875588
ℹ            | writing signed index to /var/folders/5v/6gvb9x954sbd9tmqq14cwgrh0000gn/T/melange-sign-index2134875588
ℹ            | signed index /var/folders/5v/6gvb9x954sbd9tmqq14cwgrh0000gn/T/melange-sign-index2134875588 with key something-else.rsa
ℹ            | Replacing existing signed index (idx) with signed index with key something-else.rsa
                                                                                                                                                                                                                                                                                                           
➜ tar tvf idx
-rw-r--r--  0 root   root      512 Dec 31  1969 .SIGN.RSA.something-else.rsa.pub
-rw-r--r--  0 0      0     3822057 Dec 31  1969 APKINDEX
-rw-r--r--  0 0      0           0 Dec 31  1969 DESCRIPTION

@joshrwolf joshrwolf requested a review from a team as a code owner August 22, 2023 19:12
@joshrwolf joshrwolf requested review from jonjohnsonjr and removed request for a team August 22, 2023 19:12
@kaniini kaniini merged commit 16a3f10 into chainguard-dev:main Aug 22, 2023
@joshrwolf joshrwolf mentioned this pull request Aug 22, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonjohnsonjr jonjohnsonjr Awaiting requested review from jonjohnsonjr jonjohnsonjr was automatically assigned from chainguard-dev/images-maintainers

1 more reviewer

@kaniini kaniini kaniini approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joshrwolf @kaniini