[arch-dev-public] Netboot of 2021.11.01 ISO image is broken
Pierre Schmitz
pierre at archlinux.de
Mon Nov 1 17:49:48 UTC 2021
On Mon, Nov 1, 2021 at 5:10 PM David Runge <dave at sleepmap.de> wrote:
> ... use an ephemeral PGP key (which is fine, as
> it is not relevant whether it is a specific PGP key, only that the
> *correct* PGP key is used to validate the root image).
Thanks for your insights. I think I now found the missing peaces.
Using an ephemeral key made it much more easy. I created it as it is
done in https://gitlab.archlinux.org/archlinux/archiso/-/blob/master/.gitlab/ci/build_archiso.sh#L162
(not part of archiso itself, so I got confused) I re-uploaded the arch
folder. Let's hope that should fix the issue.
Still, doesn't this show we do not really need GPG to achieve
verification? We currently use _verify_signature() in
mkinicpio-archiso, but shouldn't _verify_checksum() be as secure
without the hassle to involve GPG?
Greetings,
Pierre
--
Pierre Schmitz, https://pierre-schmitz.com
More information about the arch-dev-public
mailing list