Skip to content

Commit

Permalink
add signature verification
Browse files Browse the repository at this point in the history
  • Loading branch information
@tonymet
tonymet committed Dec 11, 2024
1 parent 9c8bee4 commit bea2bf1
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 1 deletion.
15 changes: 15 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,21 @@ $ curl -LO https://github.com/tonymet/gcloud-lite/releases/download/472.0.0/goog
$ tar -zxf *gz
```

## Verifying .tgz Release Signature
`public-key.pub` is found in this repo
`ARCHIVE` & `ARCHIVE.sig` are included in each release
*Verified OK* is expected for a good signature.
```
PUBLIC_KEY=public-key.pub
ARCHIVE=google-cloud-cli-487.0.0-linux-x86_64-lite.tar.gz
openssl dgst -verify "${PUBLIC_KEY}" \
-signature "${ARCHIVE}.sig"
"${ARCHIVE}"
Verified OK
```



## Benchmarks
Tested on GCP Compute Instance e2-medium
| Image | Time | Improvement |
Expand Down
2 changes: 1 addition & 1 deletion lite-release.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ die () {
[[ -v PROJECT ]] || die "\$PROJECT is unset"
[[ -v OBJECT ]] || die "\$OBJECT is unset"
[[ -v BUCKET ]] || die "\$BUCKET is unset"
[[ -v KMS_KEYPATH ]] || die "\$KMS_KEY_PATH is unset"
[[ -v KMS_KEYPATH ]] || die "\$KMS_KEYPATH is unset"
build_tarball(){
[[ -v 1 ]] || die "\$1 is unset"
[[ -v CLOUD_SDK_VERSION ]] || die "CLOUD_SDK_VERSION is unset"
Expand Down
4 changes: 4 additions & 0 deletions public-key.pub
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHRBC+jfmUKS1uwF7a46kx6/nthdJ
Sah1TVY2i2TuEMGyVW/4+diMSxVB4BILwtKhv5ZUiGwSlvioKGsShh3yTA==
-----END PUBLIC KEY-----

0 comments on commit bea2bf1

Please sign in to comment.