Skip to content

Update Node.js release signing keys#2126

Merged
SimenB merged 3 commits intonodejs:mainfrom
richardlau:releaserkeys
Sep 25, 2024
Merged

Update Node.js release signing keys#2126
SimenB merged 3 commits intonodejs:mainfrom
richardlau:releaserkeys

Conversation

@richardlau
Copy link
Copy Markdown
Member

@richardlau richardlau commented Jul 26, 2024

Description

Fixes the Node.js release signing key update script to account for upstream Node.js changes:

Syncs the list of Node.js release signing keys by running the updated script.

Remove @MylesBorins' key as he has stepped down from the releasers team.

Motivation and Context

I'm going through the Node.js releaser off-boarding steps for Myles and removing his key from this repository is one of the offboarding steps.

In general keeping the list of Node.js release signing keys is good practice.

Testing Details

Example Output(if appropriate)

Types of changes

  • Documentation
  • Version change (Update, remove or add more Node.js versions)
  • Variant change (Update, remove or add more variants, or versions of variants)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Other (none of the above)

Checklist

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING.md document.
  • All new and existing tests passed.

@richardlau
chore: fix update-keys.sh for current README.md
df91b7f 
The `update-keys.sh` script needed updating to account for:
* Node.js HEAD branch is now `main`
* Comments added to each line in the key list
@richardlau
keys: sync Node.js keys with current releaser keys
cd424d0 
Regenerate `keys/nodejs.keys` by re-running `update-keys.sh`.
@richardlau
keys: remove key for emeritus releaser
b2cfafd 
Refs: nodejs/Release#1024
Refs: nodejs/node#54059
@richardlau richardlau mentioned this pull request Jul 26, 2024
Merged
nschonni
nschonni approved these changes Jul 26, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@nschonni nschonni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RSLGTM

SimenB
SimenB reviewed Jul 29, 2024
View reviewed changes
Comment thread update-keys.sh
#!/bin/sh -ex

curl -fsSLo- --compressed https://github.com/nodejs/node/raw/master/README.md | awk '/^gpg --keyserver hkps:\/\/keys\.openpgp\.org --recv-keys/ {print $NF}' > keys/node.keys
curl -fsSLo- --compressed https://github.com/nodejs/node/raw/main/README.md | awk '/--recv-keys.*#/{ gsub(/^.*--recv-keys\s+/,"");gsub(/\s+#.*$/,""); print }' > keys/node.keys
Copy link
Copy Markdown
Member

@SimenB SimenB Jul 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this has always felt brittle - thoughts on hosting some file on e.g. https://nodejs.org that has this info rather than getting it from the readme?

Copy link
Copy Markdown
Member Author

@richardlau richardlau Aug 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The release WG maintains https://github.com/nodejs/release-keys/, for which there is https://github.com/nodejs/release-keys/blob/main/keys.list although that contains all keys (and not just the current active set).

@SimenB
Copy link
Copy Markdown
Member

SimenB commented Jul 29, 2024

Would it make sense to have a cron job that runs this script regularly so we get automated PRs? Similar to how we get node updates

@richardlau
Copy link
Copy Markdown
Member Author

richardlau commented Sep 25, 2024

Can this land?

@SimenB SimenB merged commit 2c3a06f into nodejs:main Sep 25, 2024
@SimenB
Copy link
Copy Markdown
Member

SimenB commented Sep 25, 2024

Of course, sorry!

@richardlau richardlau deleted the releaserkeys branch September 25, 2024 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SimenB SimenB SimenB left review comments

@ttshivers ttshivers ttshivers approved these changes

@nschonni nschonni nschonni approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@richardlau @SimenB @ttshivers @nschonni