Sign repository indexes

Once #755 (closed) is done, we'll want to sign the index files.

From our planning document:

MUST: Sign indexes for a repository

  • Deal with having more keys than fit in our HSM
  • New task to sign Release files (produce both Release.gpg and InRelease in one go)
  • Task to generate a key for a repository
    • Decide on granularity
    • Design how keys are stored and linked to repositories
    • Permissions for key usage