* [pve-devel] Release Signatures
@ 2021-12-05 17:42 Sid Spry
2021-12-06 8:22 ` Fabian Grünbichler
0 siblings, 1 reply; 2+ messages in thread
From: Sid Spry @ 2021-12-05 17:42 UTC (permalink / raw)
To: pve-devel
Are checksums and release signatures available for install media?
What about code signing on repos?
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [pve-devel] Release Signatures
2021-12-05 17:42 [pve-devel] Release Signatures Sid Spry
@ 2021-12-06 8:22 ` Fabian Grünbichler
0 siblings, 0 replies; 2+ messages in thread
From: Fabian Grünbichler @ 2021-12-06 8:22 UTC (permalink / raw)
To: Proxmox VE development discussion
On December 5, 2021 6:42 pm, Sid Spry wrote:
> Are checksums and release signatures available for install media?
yes.
checksum via TLS:
https://proxmox.com/en/downloads/item/proxmox-ve-7-1-iso-installer
(applies to other products/versions as well)
checksum + signature:
http://download.proxmox.com/iso/
signing key == repository key[1,2,3]
1: checksum via TLS https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_11_Bullseye#Adapt_your_sources.list
2: keys via TLS https://git.proxmox.com/?p=proxmox-archive-keyring.git;a=tree;f=debian;h=d3538cb8ad0753a45ded226c56e1ac0323a83588;hb=HEAD
3: or installed on any current PVE/PMG/PBS system via
`proxmox-archive-keyring` ;)
> What about code signing on repos?
no, there is no signing of git commits/.. . our consumable artifacts for
users are deb packages, which are chained to the repo signing key as
trust anchor.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-12-06 8:22 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-05 17:42 [pve-devel] Release Signatures Sid Spry
2021-12-06 8:22 ` Fabian Grünbichler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox