From 393ca87572ef46bd7ee34b3cbf205afde4c25f38 Mon Sep 17 00:00:00 2001 From: manojsdoshi Date: Mon, 6 Apr 2020 14:49:51 -0700 Subject: [PATCH] Change the location for the project signer public keys: The automated build system only builds packages signed with a list of approved keys. This is a security measure to prevent someone who gains push access to the repository from producing potentially malicious packages that are signed by Ripple's trusted private keys. Moving this list to the new location makes it easy to add and delete new keys to the list. --- Builds/containers/gitlab-ci/pkgbuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Builds/containers/gitlab-ci/pkgbuild.yml b/Builds/containers/gitlab-ci/pkgbuild.yml index 555b9d0033..c431ee665b 100644 --- a/Builds/containers/gitlab-ci/pkgbuild.yml +++ b/Builds/containers/gitlab-ci/pkgbuild.yml @@ -19,7 +19,7 @@ variables: DPKG_CONTAINER_FULLNAME: "${DPKG_CONTAINER_NAME}:${DPKG_CONTAINER_TAG}" ARTIFACTORY_HOST: "artifactory.ops.ripple.com" ARTIFACTORY_HUB: "${ARTIFACTORY_HOST}:6555" - GIT_SIGN_PUBKEYS_URL: "https://gitlab.ops.ripple.com/snippets/11/raw" + GIT_SIGN_PUBKEYS_URL: "https://gitlab.ops.ripple.com/xrpledger/rippled-packages/snippets/49/raw" PUBLIC_REPO_ROOT: "https://repos.ripple.com/repos" # also need to define this variable ONLY for the primary # build/publish pipeline on the mainline repo: