
Sign RPM and DEB packages

What does this MR do?

This MR introduces package signing for DEB and RPM.

How does this work?

It's heavily inspired by how we sign on omnibus; the private key (password protected) is stored on S3.

Signing is based on the presence of some variables; those variables should be available only on protected branches.

$GPG_KEY triggers package signing.

  • $GPG_KEY: holds the base64-encoded key
  • $GPG_PASSPHRASE: the private key passphrase

Why was this MR needed?

Are there points in the code the reviewer needs to double check?

Does this MR meet the acceptance criteria?

  • Documentation created/updated
  • Tests
    • Added for this feature/bug
    • All builds are passing
  • Branch has no merge conflicts with master (if you do - rebase it please)

What are the relevant issue numbers?

Closes #1197 (closed)

Edited by Kamil Trzciński
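
The gating described above (sign only when $GPG_KEY is present, key supplied as base64, passphrase in $GPG_PASSPHRASE) could look like this in a CI script. This is an added example, not code from the MR: the function names are hypothetical, and a detached gpg signature stands in for the DEB/RPM signing commands, which the page does not show.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not taken from the MR.

# Signing is opt-in: it runs only when $GPG_KEY is present, and CI should
# expose that variable on protected branches only.
signing_enabled() {
    [ -n "${GPG_KEY:-}" ]
}

# Decode the base64 key into a private throwaway directory; print its path.
# The ( ) body is a subshell, so the umask change does not leak to the caller.
prepare_key() (
    umask 077
    dir=$(mktemp -d) || exit 1
    if ! printf '%s' "$GPG_KEY" | base64 -d > "$dir/key.asc" 2>/dev/null ||
        [ ! -s "$dir/key.asc" ]; then
        rm -rf "$dir"
        exit 1
    fi
    printf '%s\n' "$dir"
)

# Import the key into an ephemeral keyring and sign "$1".
# Assumption: a detached signature stands in for the DEB/RPM signing step.
sign_file() {
    file=$1
    if ! signing_enabled; then
        echo "GPG_KEY not set, leaving $file unsigned" >&2
        return 0
    fi
    keydir=$(prepare_key) || { echo "GPG_KEY is not valid base64" >&2; return 1; }
    status=0
    # The passphrase travels over stdin, so it never appears in argv or ps output.
    {
        GNUPGHOME=$keydir gpg --batch --quiet --import "$keydir/key.asc" &&
        printf '%s' "${GPG_PASSPHRASE:-}" | GNUPGHOME=$keydir gpg --batch --yes \
            --pinentry-mode loopback --passphrase-fd 0 \
            --armor --detach-sign --output "$file.asc" "$file"
    } || status=$?
    # Stop the agent holding the key, then remove the key material from disk.
    GNUPGHOME=$keydir gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$keydir"
    return "$status"
}
```

On an unprotected branch, where the variables are absent, `sign_file` returns success without producing a signature, so the same job definition builds unsigned packages there.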
