Update Node.js release signing keys#2126
Merged
SimenB merged 3 commits intonodejs:mainfrom Sep 25, 2024
Merged
Conversation
The `update-keys.sh` script needed updating to account for: * Node.js HEAD branch is now `main` * Comments added to each line in the key list
Regenerate `keys/nodejs.keys` by re-running `update-keys.sh`.
ttshivers
approved these changes
Jul 26, 2024
SimenB
reviewed
Jul 29, 2024
| #!/bin/sh -ex | ||
|
|
||
| curl -fsSLo- --compressed https://github.com/nodejs/node/raw/master/README.md | awk '/^gpg --keyserver hkps:\/\/keys\.openpgp\.org --recv-keys/ {print $NF}' > keys/node.keys | ||
| curl -fsSLo- --compressed https://github.com/nodejs/node/raw/main/README.md | awk '/--recv-keys.*#/{ gsub(/^.*--recv-keys\s+/,"");gsub(/\s+#.*$/,""); print }' > keys/node.keys |
Member
There was a problem hiding this comment.
this has always felt brittle - thoughts on hosting some file on e.g. https://nodejs.org that has this info rather than getting it from the readme?
Member
Author
There was a problem hiding this comment.
The release WG maintains https://github.com/nodejs/release-keys/, for which there is https://github.com/nodejs/release-keys/blob/main/keys.list although that contains all keys (and not just the current active set).
Member
|
Would it make sense to have a cron job that runs this script regularly so we get automated PRs? Similar to how we get node updates |
Member
Author
|
Can this land? |
Member
|
Of course, sorry! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes the Node.js release signing key update script to account for upstream Node.js changes:
mainSyncs the list of Node.js release signing keys by running the updated script.
Remove @MylesBorins' key as he has stepped down from the releasers team.
Motivation and Context
I'm going through the Node.js releaser off-boarding steps for Myles and removing his key from this repository is one of the offboarding steps.
In general keeping the list of Node.js release signing keys is good practice.
Testing Details
Example Output(if appropriate)
Types of changes
Checklist