potiuk commented on PR #36930: URL: https://github.com/apache/airflow/pull/36930#issuecomment-1902679160
I actually managed to get also the helm package reproducible - It turned out to be as easy as repackaging the .tar.gz produced by helm-package in a reproducible way. Signing the packages with `helm-gpg` does not change the package itself, it only adds `.prov` file, so we can re-package the produce .tar.gz and use `helm gpg` to generete .prov. This way we can nicely combine reproducible packages, signing in ASF way and signing with .prov file. Pretty cool. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
