Differences
This shows you the differences between two versions of the page.
| docs:guide-developer:releases:buildbot-major-releases [2022/03/25 12:49] – [Import the GPG private key into buildbot] ynezz | docs:guide-developer:releases:buildbot-major-releases [2024/11/06 09:03] (current) – Remove the GPG key setup, the key is now provided via Nitrokey3 ynezz | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| These are collected notes of the steps we've done during preparation of buildbot infrastructure for 21.02 release. | These are collected notes of the steps we've done during preparation of buildbot infrastructure for 21.02 release. | ||
| - | |||
| - | ===== Generate new GPG key for release ===== | ||
| - | |||
| - | Read [[docs: | ||
| - | |||
| - | ==== Generate GPG key ==== | ||
| - | |||
| - | <code bash> | ||
| - | #!/bin/sh | ||
| - | |||
| - | RELEASE=" | ||
| - | RELEASE_DASH=" | ||
| - | GNUPGHOME=" | ||
| - | PASSPHRASE=" | ||
| - | |||
| - | cat > gpg-generate-key.txt << EOF | ||
| - | %echo Generating a Openwrt ${RELEASE} release signing key | ||
| - | | ||
| - | | ||
| - | | ||
| - | | ||
| - | | ||
| - | | ||
| - | | ||
| - | | ||
| - | | ||
| - | | ||
| - | %echo done | ||
| - | EOF | ||
| - | gpg --batch --generate-key gpg-generate-key.txt | ||
| - | |||
| - | cat > " | ||
| - | vault_buildbot_gpg_pass_openwrt_$RELEASE_DASH: | ||
| - | vault_buildbot_gpg_key_openwrt_$RELEASE_DASH: | ||
| - | $(gpg --pinentry-mode loopback --passphrase " | ||
| - | EOF | ||
| - | |||
| - | gpg --list-keys | ||
| - | |||
| - | KEYID=$(gpg --list-signatures --with-colons | grep sig: | cut -d: -f 5 | head -1) | ||
| - | gpg --export --armor > " | ||
| - | gpg --keyserver keyserver.ubuntu.com --send-keys " | ||
| - | </ | ||
| - | |||
| - | Should output something like this: | ||
| - | |||
| - | <code bash> | ||
| - | gpg: keybox '/ | ||
| - | gpg: Generating a Openwrt 22.03 release signing key | ||
| - | gpg: / | ||
| - | gpg: key CD54E82DADB3684D marked as ultimately trusted | ||
| - | gpg: directory '/ | ||
| - | gpg: revocation certificate stored as '/ | ||
| - | gpg: done | ||
| - | gpg: checking the trustdb | ||
| - | gpg: marginals needed: 3 completes needed: 1 trust model: pgp | ||
| - | gpg: depth: 0 valid: | ||
| - | gpg: next trustdb check due at 2024-03-24 | ||
| - | / | ||
| - | ------------------------------- | ||
| - | pub | ||
| - | BF856781A01293C8409ABE72CD54E82DADB3684D | ||
| - | uid | ||
| - | sub | ||
| - | |||
| - | gpg: sending key CD54E82DADB3684D to hkp:// | ||
| - | </ | ||
| - | |||
| - | ==== Import the GPG private key into buildbot ==== | ||
| - | |||
| - | Put YAML content of // | ||
| - | |||
| - | <code yaml> | ||
| - | | ||
| - | | ||
| - | | ||
| - | | ||
| - | | ||
| - | </ | ||
| - | ==== Cleanup ==== | ||
| - | |||
| - | <code bash> | ||
| - | rm -fr / | ||
| - | reboot | ||
| - | </ | ||
| - | |||
| - | ==== Cross sign new GPG key ==== | ||
| - | |||
| - | FIXME http:// | ||
| ===== Generate usign key ===== | ===== Generate usign key ===== | ||
| <code bash> | <code bash> | ||
| - | usign -G -c " | + | usign -G -c " |
| </ | </ | ||
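Review bot: removing everything from "Generate new GPG key for release" through "Cross sign new GPG key" leaves the page going straight from the intro to "Generate usign key", with nothing in the body saying where the release GPG key now comes from. The Nitrokey3 explanation exists only in the edit summary, so a one-line note in place of the removed section would keep the procedure followable. The removed "Cross sign new GPG key" entry was still a FIXME, so it is also worth stating whether cross-signing still applies to the new key or was dropped on purpose.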
| Line 110: | Line 21: | ||
| <code yaml> | <code yaml> | ||
| - | vault_buildbot_usign_key_openwrt_21_02: | + | vault_buildbot_usign_key_openwrt_22_03: |
| </ | </ | ||
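Review bot: the changed line renames the vault variable from vault_buildbot_usign_key_openwrt_21_02 to vault_buildbot_usign_key_openwrt_22_03, while the unchanged intro at the top of the page still says these notes are for the 21.02 release. Either update the intro or write the variable with a release placeholder, as the removed script did with $RELEASE_DASH, so that the page does not need a version edit every cycle.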
| Line 121: | Line 32: | ||
| - [[commit>? | - [[commit>? | ||
| + | - [[commit> | ||
| + | |||
| + | ==== Add new GPG key information to the release signatures page ===== | ||
| + | - Add new key info to [[: | ||
| ===== Prepare buildbot infra and assign buildworkers ===== | ===== Prepare buildbot infra and assign buildworkers ===== | ||
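Review bot: the added heading "==== Add new GPG key information to the release signatures page =====" opens with four "=" and closes with five, so its level is ambiguous. The neighbouring headings use matching counts ("===== Generate usign key =====", "===== Prepare buildbot infra and assign buildworkers ====="), so use five on both sides if this is meant as a sibling step, or four on both sides if it is meant as a subsection.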