Pin release signing key and verify by default#95
Open
volen-silo wants to merge 1 commit into
Open
Conversation
b5293cb to
f71bb1a
Compare
f71bb1a to
fe8292c
Compare
Pin the production release signing public key in install.sh and install.ps1 and require signature verification by default on the release channel, so downloaded archives are checked against the pinned trust root before install. Guard the key end to end: release_readiness.py verifies built archives against the configured signing public key (a key mismatch fails at build time, not on users' machines), and verify_pinned_keys.py asserts the pinned constants match the canonical docs/keys file and the CI signing key. Both run in CI. Metadata pinning and the production-trust CI gate are wired but dormant (empty sentinel / unset variable) until their inputs exist. Signed-off-by: Eugene Volen <Eugene.Volen@amd.com>
fe8292c to
1029b8c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Turns on signed-release trust for the release channel: the production release signing public key is pinned in the installers, and signature verification is now on by default for
install.sh release/install.ps1 release— downloaded archives are verified against the pinned trust root before install.What's in here
install.sh,install.ps1): the release public key is embedded as a constant; verification is mandatory by default on the release channel. Env overrides (ROCM_CLI_SIGNING_PUBLIC_KEY_PATH/PEM) remain as escape hatches. Multi-key support is present for future rotation.scripts/release_readiness.py): CI verifies built archives against the configured signing public key, so a private/public key mismatch fails at release time, not on users' machines.scripts/verify_pinned_keys.py): asserts the pinned constants match the canonicaldocs/keys/file and the CI signing key. Runs in CI (PRs + release/nightly), embedding-agnostic (shell/PowerShell/Rust).docs/keys/rocm-cli-release-current-public.pem).therock.rs, empty sentinel) and the production-trust CI gate (ROCM_CLI_REQUIRE_PRODUCTION_TRUST, unset) are wired but inert until their inputs exist — no behavior change from them.Safety / rollout
latestrelease exists yet (only pre-releases + a draft), soreleases/latest/downloadhas nothing to serve — enabling default-on cannot break existing users.ROCM_CLI_REQUIRE_PRODUCTION_TRUSTyet — it requires those inputs.Validation
verify_pinned_keys.py+release_readiness.pyself-tests, metadata unit tests, clippy, fmt, shell/YAML checks all green.Suggested pre-merge check
Cut a tag (or use the
v0.1.0-rc.1draft) so CI signs with the current key and confirm the readiness step reports "signature verified" — the final on-CI proof.🤖 Generated with Claude Code