Merge pull request #2838 from brave/signing-key-notes

Add note about signing key fingerprints to prevent confusion
brave · Jul 2, 2019 · 26e7637 · 26e7637
2 parents 390d573 + 84bf0e9
commit 26e7637
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/script/upload_to_aptly b/script/upload_to_aptly
@@ -7,6 +7,10 @@ set -exu
 # dates below. These keys will be used for signing the packages
 # that we ship. We will update this table as keys are changed.
 #
+# THESE ARE THE MASTER KEY FINGERPRINTS, NOT THE SIGNING SUBKEY
+# FINGERPRINTS. THIS IS FOR CONSISTENCY BECAUSE THE NIGHTLY KEY
+# DOESN'T HAVE A SIGNING SUBKEY.
+#
 # Date          Channel       Fingerprint           Full Key
 #
 # 06/26/2019    Release       0x0BB75829C2D4E821    D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821

diff --git a/script/upload_to_rpm_repo b/script/upload_to_rpm_repo
@@ -7,9 +7,14 @@ set -exu
 # dates below. These keys will be used for signing the packages
 # that we ship. We will update this table as keys are changed.
 #
+# RPM SIGNING REQUIRES THE SIGNING SUBKEY, SO THESE ARE THE SIGNING SUBKEY
+# FINGERPRINTS, NOT THE MASTER FINGERPRINTS. UNFORTUNATELY THIS IS A DIVERGENCE
+# FROM THE APTLY SIGNING SCRIPT, WHICH USES SIGNING SUBKEYS.
+#
+#
 # Date          Channel       Fingerprint           Full Key
 #
-# 06/26/2019    Release       0x0BB75829C2D4E821    D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821
+# 06/26/2019    Release       0x4FE13824E3FFC656    E85FFA8E2E90B40B33ED39274FE13824E3FFC656
 # 12/29/2018    Beta          0x0B31DBA06A8A26F9    9228DBCE20DDE5EC46488DE90B31DBA06A8A26F9
 # 12/29/2018    Dev           0x0B31DBA06A8A26F9    9228DBCE20DDE5EC46488DE90B31DBA06A8A26F9
 # 12/29/2018    Nightly       0x0B31DBA06A8A26F9    9228DBCE20DDE5EC46488DE90B31DBA06A8A26F9
@@ -24,11 +29,11 @@ if [ -z "${CHANNEL}" ]; then
 fi
 
 if [[ $2 == 0x* ]]; then
-    echo "Error: Please pass the Full GPG KEY ID to sign with! (i.e. '9228DBCE20DDE5EC46488DE90B31DBA06A8A26F9')"
+    echo "Error: Please pass the Full GPG KEY ID to sign with! (i.e. 'E85FFA8E2E90B40B33ED39274FE13824E3FFC656')"
     exit 1
 fi
 
-if [ "$GPG_KEY_ID" = "D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821" ]; then
+if [ "$GPG_KEY_ID" = "E85FFA8E2E90B40B33ED39274FE13824E3FFC656" ]; then
   KEY_NAME=brave-core.asc
 else
   KEY_NAME=brave-core-nightly.asc