docs(provenance): update explanation of new GnuPG format (#4710)

Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
pull/3703/merge
Matt Butcher 6 years ago committed by GitHub
parent 12ace315ea
commit 597c4fb421
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -22,12 +22,17 @@ Prerequisites:
- A valid PGP keypair in a binary (not ASCII-armored) format
- The `helm` command line tool
- GnuPG command line tools (optional)
- GnuPG >=2.1 command line tools (optional)
- Keybase command line tools (optional)
**NOTE:** If your PGP private key has a passphrase, you will be prompted to enter
that passphrase for any commands that support the `--sign` option.
**NOTE:** The keyfile format for GnuPG changed in version 2.1. Prior to that release
it was unnecessary to export keys out of GnuPG, and you could instead point Helm
at your `*.gpg` files. With 2.1, the new `.kbx` format was introduced, and this
format is not supported by Helm.
Creating a new chart is the same as before:
```
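Review bot: the added NOTE stops at "this format is not supported by Helm" and never tells the reader what to do about it. Suggest closing it with one sentence saying that keys have to be exported from GnuPG into the legacy format before Helm can use them, and pointing at the conversion step further down the document. Also, the prerequisite now reads `GnuPG >=2.1`, while the NOTE says that before 2.1 you could point Helm at your `*.gpg` files directly; if older versions still work, the bound reads as a requirement it is not.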
@ -42,10 +47,10 @@ the name under which the signing key is known and the keyring containing the cor
$ helm package --sign --key 'helm signing key' --keyring path/to/keyring.secret mychart
```
**TIP:** for GnuPG users, your secret keyring is in `~/.gnupg/secring.gpg`. You can
**TIP:** for GnuPG users, your secret keyring is in `~/.gnupg/secring.kbx`. You can
use `gpg --list-secret-keys` to list the keys you have.
**Warning:** the GnuPG v2 store your secret keyring using a new format 'kbx' on the default location '~/.gnupg/pubring.kbx'. Please use the following command to convert your keyring to the legacy gpg format:
**Warning:** the GnuPG v2.1 store your secret keyring using a new format 'kbx' on the default location '~/.gnupg/pubring.kbx'. Please use the following command to convert your keyring to the legacy gpg format:
```
$ gpg --export-secret-keys >~/.gnupg/secring.gpg
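Review bot: the updated TIP names `~/.gnupg/secring.kbx` as the secret keyring, but the Warning directly below it gives the kbx default location as `~/.gnupg/pubring.kbx`, so the two lines disagree on the file. Because the TIP follows the `--keyring path/to/keyring.secret` example, it also invites passing a kbx file to Helm, which the documentation says is unsupported; suggest pointing the TIP at the exported `secring.gpg` instead. The export line writes secret key material through a shell redirect, so a short remark about keeping that file readable only by its owner would fit here. Minor wording: "the GnuPG v2.1 store" should read "GnuPG v2.1 stores".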
@ -95,24 +100,16 @@ Prerequisites:
The first step is to import your keybase keys into your local GnuPG keyring:
```
$ keybase pgp export -s | gpg --import
$ keybase pgp export -s > secring.gpg
```
This will convert your Keybase key into the OpenPGP format, and then import it
locally into your `~/.gnupg/secring.gpg` file.
You can double check by running `gpg --list-secret-keys`.
This will convert your Keybase key into the OpenPGP format, and then place it
locally into your `secring.gpg` file.
```
$ gpg --list-secret-keys 1 ↵
/Users/mattbutcher/.gnupg/secring.gpg
-------------------------------------
sec 2048R/1FC18762 2016-07-25
uid technosophos (keybase.io/technosophos) <technosophos@keybase.io>
ssb 2048R/D125E546 2016-07-25
```
> Tip: If you need to add a Keybase key to an existing keyring, you will need to
> do `keybase pgp export -s | gpg --import && gpg --export-secret-keys --outfile secring.gpg`
Note that your secret key will have an identifier string:
Your secret key will have an identifier string:
```
technosophos (keybase.io/technosophos) <technosophos@keybase.io>
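Review bot: the introductory sentence still says "import your keybase keys into your local GnuPG keyring", but the replacement command `keybase pgp export -s > secring.gpg` only writes a file in the current directory and imports nothing. Suggest rewording the lead-in to say the key is exported to a keyring file, and stating that this file is what gets passed to `--keyring`. With the `gpg --list-secret-keys` check no longer applying to that path, the line "Your secret key will have an identifier string:" has no step showing where the reader finds it. In the Tip, gpg documents its output option as `--output` (`-o`), so `--outfile` should be checked before this lands.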
