Re: [Tails-dev] Please review'n'merge feature/Sign_jenkins_builds_artifacts

2013-09-29 Thread intrigeri
berta...@ptitcanardnoir.org wrote (28 Sep 2013 09:22:16 GMT) :
> Please merge this branch in experimental, devel, stable, testing and
> feature/wheezy if happy with it.

I'd be happy too, but the branch is based on devel, so I can't merge
it into stable. Please rebase on stable, and reassign the ticket
to me.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev


Re: [Tails-dev] Please review'n'merge feature/Sign_jenkins_builds_artifacts

2013-09-29 Thread intrigeri
berta...@ptitcanardnoir.org wrote (28 Sep 2013 09:22:16 GMT) :
> This change goes together with two changes in our puppet modules:
>
> A new one has been created to deploy the gnupg keyring in our autobuilder
> VM on lizard, and has been reviewed already by intrigeri.

I've had a look at the newest changes that I hadn't reviewed yet.

I think commit 433fa5cf (Move the /mnt/crypt mount operation in
a more appropriate place) in lizard's Puppet manifests, and the
corresponding commit 2b71c6c6 in tails_secrets_jenkins, are a mistake,
and can be dangerous in the future.

Let me explain why.

This dummy mount really belongs to an individual node's manifest.
This declaration is the only way a sysadmin deploying the
tails_secrets_jenkins module can state that they have taken care of
the storage security pre-requisites of that module. This statement
unblocks the deployment of the module.

Moving this dummy mount into tails_secrets_jenkins really means
"pretend my storage security pre-requisites are satisfied, regardless
of where and how I'm deployed", which kinda defeats the purpose of
having any such safe-guard in place.

Please revert both commits. A nicer solution has to be found.
I'm happy to help a bit, but for this I need more information than "If
not it seems to raise a chicken and egg problem :)"

I'm thus re-opening #6266.

> Ticket : #6268 - Adapt the Jenkins artifacts rotation script

ACK, marking as resolved!

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
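
An added illustration, not code from the Tails Puppet repositories and not part of the message above, of the safeguard pattern it describes: the module depends on a mount resource that it never declares itself, so the catalog only compiles on nodes whose own manifest declares it. The node name, device, file path and resource attributes are assumptions; only the module name and /mnt/crypt come from the thread.

```puppet
# Module side (hypothetical class body).
# Every secret the module deploys depends on Mount['/mnt/crypt'], but the
# module deliberately does NOT declare that resource. On a node that has not
# declared it, catalog compilation fails on the unresolved dependency and no
# key material is written anywhere.
class tails_secrets_jenkins {
  file { '/mnt/crypt/jenkins-gnupg':          # hypothetical path
    ensure  => directory,
    owner   => 'jenkins',
    group   => 'jenkins',
    mode    => '0700',
    require => Mount['/mnt/crypt'],
  }
}

# Node side (hypothetical node name and device).
# Declaring the mount here is the sysadmin's explicit statement that this
# particular host provides suitable storage for the secrets.
node 'autobuilder.example.org' {
  mount { '/mnt/crypt':
    ensure  => mounted,
    device  => '/dev/mapper/crypt',           # assumed encrypted volume
    fstype  => 'ext4',
    options => 'defaults',
  }

  include tails_secrets_jenkins
}

# Weakened variant, shown for contrast: if the mount declaration lives inside
# the module, the dependency is always satisfied wherever the class is
# included, so the check above no longer says anything about the host.
#
#   class tails_secrets_jenkins {
#     mount { '/mnt/crypt': ... }             # module vouches for itself
#     file  { '/mnt/crypt/jenkins-gnupg': require => Mount['/mnt/crypt'], ... }
#   }
```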


Re: [Tails-dev] Please review'n'merge feature/Sign_jenkins_builds_artifacts

2013-09-29 Thread bertagaz
On Sun, Sep 29, 2013 at 01:36:28PM +0200, intrigeri wrote:
> berta...@ptitcanardnoir.org wrote (28 Sep 2013 09:22:16 GMT) :
> > Please merge this branch in experimental, devel, stable, testing and
> > feature/wheezy if happy with it.
>
> I'd be happy too, but the branch is based on devel, so I can't merge
> it into stable. Please rebase on stable, and reassign the ticket
> to me.

Oooch, you're right. I've just force updated the branch for it to be
based on the stable one. Thanks for the reminder.

bert.


Re: [Tails-dev] Please review'n'merge feature/Sign_jenkins_builds_artifacts

2013-09-29 Thread intrigeri
berta...@ptitcanardnoir.org wrote (29 Sep 2013 12:13:24 GMT) :
> Oooch, you're right. I've just force updated the branch for it to be
> based on the stable one. Thanks for the reminder.

merged, pushed to origin + lizard, thanks.


[Tails-dev] Please review'n'merge feature/Sign_jenkins_builds_artifacts

2013-09-28 Thread bertagaz
Hi,

The feature/Sign_jenkins_builds_artifacts branch adds the ability to our
build-tails script to automatically sign the build result when run in a
jenkins environment.

It has been merged into the experimental branch of lizard's Tails repo,
and tested on jenkins.tails.boum.org. The result can be checked on
nightly.tails.boum.org.

Ticket : #6267 - Add checksum signing ability to the Tails build script
Commit : 31be69f

Please merge this branch in experimental, devel, stable, testing and
feature/wheezy if happy with it.


This change goes together with two changes in our puppet modules:

A new one has been created to deploy the gnupg keyring in our autobuilder
VM on lizard, and has been reviewed already by intrigeri.

Another change in our puppet setup is related to our rotation script,
which needed to be aware that it needs to take care of two new files
(*.iso.shasum and *.iso.shasum.asc). This last change can be checked in
our main puppet git repo for lizard.

Ticket : #6268 - Adapt the Jenkins artifacts rotation script
Commit : fdecb95 and 6eef9d6

If happy with them, the reviewer can also push the new signing key on the
keyserver. It has already been signed by our main signing key.
If not, I can take care of that.

Thanks

bert.
