rad:z371PVmDHdjJucejRoRYJcDEvD5pp
Radicle website including documentation and guides
Add Delegate Signers
Merged fintohaps opened 10 months ago

Currently, the only individuals that could sign binaries are fintan and cloudhead.

This patch adds erik and lorenz as signers in the install scripts, and also lists them on the website.

I’m unsure about the website table – we should likely indicate who signed the binary, but open to other suggestions.

2 files changed +14 -1 ac3dca25 38d6dd2e
modified _pages/download.md
@@ -69,9 +69,18 @@ reproduce the binaries on this page from source.

<table>
  <thead><th>Signer</th></thead>
+
  <tr><td>Key</td><td><code>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL460KIEccS4881p7PPpiiQBsxF+H5tgC6De6crw9rbU</code></td></tr>
+
  <tr><td>Fingerprint</td><td><code>SHA256:iTDjRHSIaoL8dpHbQ0mv+y0IQqPufGl2hQwk4TbXFlw</code></td></tr>
+
  <tr><td>Owner</td><td>cloudhead@radicle.xyz</td></tr>
+
  <tr><td>Key</td><td><code>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBrJyJTwj/xG7F7qY0HDFXbb8A+xNNH8eILQ8hlvKW7/</code></td></tr>
+
  <tr><td>Fingerprint</td><td><code>SHA256:MOkcQvljDqQn8y+zlHFssx6gdH0rXdC+Wn88bsTPp6g</code></td></tr>
+
  <tr><td>Owner</td><td>erik@radicle.xyz</td></tr>
  <tr><td>Key</td><td><code>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFsaRqAJ1r6bBFwlcWzJKN7DdjItQDumCNc0wqw6Dvk</code></td></tr>
  <tr><td>Fingerprint</td><td><code>SHA256:vV38nW5eSWfTMITdAoMCBOFzEEr0bDMXjSWHpwrpsKY</code></td></tr>
  <tr><td>Owner</td><td>fintan@radicle.xyz</td></tr>
+
  <tr><td>Key</td><td><code>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhK7CqgIIbSthoNn8ea32krOnMzC807Z+PpBkR2YOVj</code></td></tr>
+
  <tr><td>Fingerprint</td><td><code>SHA256:xX6bpr+AeF5G0wIvU8nLisgYRM6XjQVNJs3hkMGt+T0</code></td></tr>
+
  <tr><td>Owner</td><td>lorenz@radicle.xyz</td></tr>
</table>

<p id="radicle-httpd-release-header" class="loading">
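Review bot: the four signers' rows run together as one flat list of Key/Fingerprint/Owner under a single `<th>Signer</th>`, so a reader has to infer where one signer ends and the next begins, and nothing tells them which of the four keys signed the archive they downloaded. Consider grouping each signer's three rows (for example one `<tbody>` per owner, or an owner heading row placed before its key) and giving the header two cells inside a `<tr>` to match the two-column rows. The same four key strings are also hard-coded in `install`; a comment saying which file is the source of truth would help keep the published fingerprints and the keys the script trusts from drifting apart.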
modified install
@@ -7,7 +7,9 @@ set -e
# SSH signing key for the release archives. This is currently cloudhead and fintan's keys.
# FIXME: Technically, there should be a release signing key, with a shamir threshold of > 1, with the secret encrypted by something like SOPS.
CLOUDHEAD="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL460KIEccS4881p7PPpiiQBsxF+H5tgC6De6crw9rbU"
+
ERIK="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBrJyJTwj/xG7F7qY0HDFXbb8A+xNNH8eILQ8hlvKW7/"
FINTAN="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFsaRqAJ1r6bBFwlcWzJKN7DdjItQDumCNc0wqw6Dvk"
+
LORENZ="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhK7CqgIIbSthoNn8ea32krOnMzC807Z+PpBkR2YOVj"

url() {
  echo "https://files.radicle.xyz/releases/$1/radicle-$2.tar.xz"
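Review bot: the comment above `CLOUDHEAD=` still reads "This is currently cloudhead and fintan's keys", which stops being true once `ERIK` and `LORENZ` are added. Update it to name all four signers, or drop the names so it cannot go stale again. It is also worth a sentence in that comment on how a key gets added or removed here, since this list is what the script trusts.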
@@ -126,8 +128,10 @@ verify() {
  archive="$1"
  signers="$(dirname $archive)/signers"
  # Add the signer key to the allowed signers file we pass to ssh-keygen.
-
  printf "radicle $FINTAN\n" > $signers
  printf "radicle $CLOUDHEAD\n" >> $signers
+
  printf "radicle $ERIK\n" > $signers
+
  printf "radicle $FINTAN\n" > $signers
+
  printf "radicle $LORENZ\n" > $signers

  # Verify that `$archive` was signed by a key in `$signers`, identified by the
  # pattern "*@radicle.xyz", using the signature in `$archive.sig`.
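Review bot: the three added `printf` lines redirect with `>` rather than `>>`, so each one truncates `$signers` and the file ends up holding only the `$LORENZ` entry; archives signed by cloudhead, erik or fintan will then fail verification. The `$CLOUDHEAD` line, now the first write, appends with `>>` to whatever already exists at that path. Make the first write `> $signers` and the remaining three `>> $signers`, or emit all four entries from a single `printf` with one `>`. Quoting "$signers" and "$archive" would also keep paths containing spaces from breaking the redirects and the `dirname` call.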