[pve-devel] Release Signatures
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Dec 6 09:22:35 CET 2021
On December 5, 2021 6:42 pm, Sid Spry wrote:
> Are checksums and release signatures available for install media?
yes.
checksum via TLS:
https://proxmox.com/en/downloads/item/proxmox-ve-7-1-iso-installer
(applies to other products/versions as well)
checksum + signature:
http://download.proxmox.com/iso/
signing key == repository key[1,2,3]
1: checksum via TLS https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_11_Bullseye#Adapt_your_sources.list
2: keys via TLS https://git.proxmox.com/?p=proxmox-archive-keyring.git;a=tree;f=debian;h=d3538cb8ad0753a45ded226c56e1ac0323a83588;hb=HEAD
3: or installed on any current PVE/PMG/PBS system via
`proxmox-archive-keyring` ;)
> What about code signing on repos?
no, there is no signing of git commits/.. . our consumable artifacts for
users are deb packages, which are chained to the repo signing key as
trust anchor.
More information about the pve-devel
mailing list