Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
  • A arch-release-promotion
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Graph
    • Compare
    • Locked Files
  • Issues 10
    • Issues 10
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
  • Merge requests 8
    • Merge requests 8
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Arch LinuxArch Linux
  • arch-release-promotion
  • Issues
  • #15
Closed
Open
Issue created Aug 13, 2021 by nl6720@nl6720Reporter

Enforce sane gpg options

gpg run by signature.py is subject to the options set in user's gpg.conf. Some of them may be undesirable and should overridden with the command line options.

Potential command line options to add:

  • --no-armor: ensures gpg creates a .sig file instead of .asc in case gpg.conf has armor.
  • --no-include-key-block: ensures the signature file doesn't contain an embedded public key. Protects against a situation when the verifying use has auto-key-import in gpg.conf as it's important that the public key retrieved from another place instead of the signature itself.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking