Skip to content

[release/10.0.1xx] Fix certificate selection for debs and fix signing validation for the new key (and all future new keys)#2723

Merged
mmitche merged 3 commits into
dotnet:release/10.0.1xxfrom
jkoritzinsky:newkey-deb-sign
Oct 6, 2025
Merged

[release/10.0.1xx] Fix certificate selection for debs and fix signing validation for the new key (and all future new keys)#2723
mmitche merged 3 commits into
dotnet:release/10.0.1xxfrom
jkoritzinsky:newkey-deb-sign

Conversation

@jkoritzinsky

Copy link
Copy Markdown
Member

-newkey- deb files weren't being signed with the correct key.

Also, we didn't import the new public key into our list of valid keys for signing validation. Add the new microsoft-rolling.asc file (which contains the new key and will contain all future new keys if the keys change again) so we can validate the new signatures forever (no matter when the keys change).

@jkoritzinsky

Copy link
Copy Markdown
Member Author

/backport to main

@github-actions

github-actions Bot commented Oct 3, 2025

Copy link
Copy Markdown
Contributor

@mmitche mmitche merged commit 586e1a2 into dotnet:release/10.0.1xx Oct 6, 2025
10 checks passed
@dotnet-policy-service dotnet-policy-service Bot requested a review from a team October 6, 2025 18:40
@jkoritzinsky jkoritzinsky deleted the newkey-deb-sign branch October 6, 2025 19:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

3 participants