GitLab 패키지 리포지토리의 메타데이터를 서명하는 데 사용되는 GPG 키 변경

Source: GitLab Blog | Author: Balasankar ‘Balu’ C

GitLab은 Packagecloud 인스턴스를 사용하여 공식 omnibus-gitlabgitlab-runner 패키지를 배포합니다. 이 인스턴스를 통해 배송된 패키지의 무결성을 보장하기 위해, 이 인스턴스에서 관리되는 다양한 apt 및 yum 리포지토리의 메타데이터는 별도의 키로 서명되는 패키지 자체 외에도 GPG 키를 사용하여 서명됩니다.

The current key used for the metadata signing, with the fingerprint 1A4C 919D B987 D435 9396 38B9 1421 9A96 E15E 78F, is set to expire on Apr. 15, 2020. So, GitLab is rotating this GPG key in favor of a newer one which will be active for another two years. The GPG fingerprint of this new key is F640 3F65 44A3 8863 DAA0 B6E0 3F01 618A 5131 2F3F. Please check the official documentation for more details on the key.

When will it be changed?

The key will be changed on Apr. 6, 2020.

What does this mean for existing users?

Any existing users who have already configured these repositories in their machines (using any method that uses like the curl script mentioned in the GitLab installation page or gitlab-runner installation docs) will be affected and will be unable to fetch packages from these repositories after the key is changed until they install the new public key. This is because once the GPG key is changed, the metadata will be signed with the new key, and because the user doesn’t have the corresponding public key, apt/yum will fail to verify the integrity of these repositories and will not fetch packages from them.

What does this mean for new users?

For users who are configuring the repositories for the first time, the curl script to install repositories will automatically fetch the new key – so new users who are configuring repositories for the first time after the switch are unaffected and do not need to do anything beyond following official installation docs.

What should I do?

If you have already configured GitLab repositories on your machine before Apr. 6, 2020, please check out the official documentation on how to fetch and add the new key to your machine.

If you are a new user, there is nothing specific for you to do other than follow the GitLab installation page or the gitlab-runner installation docs.

I still have problems, what do I do?

Please open an issue in the omnibus-gitlab issue tracker.

댓글 남기기