* [pve-devel] Release Signatures @ 2021-12-05 17:42 Sid Spry 2021-12-06 8:22 ` Fabian Grünbichler 0 siblings, 1 reply; 2+ messages in thread From: Sid Spry @ 2021-12-05 17:42 UTC (permalink / raw) To: pve-devel Are checksums and release signatures available for install media? What about code signing on repos? ^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [pve-devel] Release Signatures 2021-12-05 17:42 [pve-devel] Release Signatures Sid Spry @ 2021-12-06 8:22 ` Fabian Grünbichler 0 siblings, 0 replies; 2+ messages in thread From: Fabian Grünbichler @ 2021-12-06 8:22 UTC (permalink / raw) To: Proxmox VE development discussion On December 5, 2021 6:42 pm, Sid Spry wrote: > Are checksums and release signatures available for install media? yes. checksum via TLS: https://proxmox.com/en/downloads/item/proxmox-ve-7-1-iso-installer (applies to other products/versions as well) checksum + signature: http://download.proxmox.com/iso/ signing key == repository key[1,2,3] 1: checksum via TLS https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_11_Bullseye#Adapt_your_sources.list 2: keys via TLS https://git.proxmox.com/?p=proxmox-archive-keyring.git;a=tree;f=debian;h=d3538cb8ad0753a45ded226c56e1ac0323a83588;hb=HEAD 3: or installed on any current PVE/PMG/PBS system via `proxmox-archive-keyring` ;) > What about code signing on repos? no, there is no signing of git commits/.. . our consumable artifacts for users are deb packages, which are chained to the repo signing key as trust anchor. ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-12-06 8:22 UTC | newest] Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-12-05 17:42 [pve-devel] Release Signatures Sid Spry 2021-12-06 8:22 ` Fabian Grünbichler
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox