I’m in the process of signing model assertions for an image and studied whether signing can be automated.
Automated can also mean having keys on a CI server, having separate keys for internal development assertions and published assertions, revoking keys, and using keys without a passphrase (non-interactive signing). Non-interactive signing I found to work by testing: just run `snapcraft create-key passwordlesskey`
and hit enter two times. After that you can sign your model assertions in a non-interactive shell (e.g. Jenkins) using `snap sign -k passwordlesskey > yourimage.model`
Questions:
- Where are the keys stored - what is the absolute path to keys for a $USER?
- I want to move the keys between machines or users within the machine.
- It’s probably documented in the code but I did not look into that yet.
- Revoking keys: it seems “revoke-key” is implemented (https://bugs.launchpad.net/snapstore/+bug/1669471), but I could not find it in 2.33 (on my Ubuntu 16.04 with snapcraft from the deb). The issue was reported against 2.27 five months ago. Is “revoke-key” available in some version, and how do I update to that?
- Obviously everyone needs to be careful with their keys, but what happens to already signed assertions after revoking the keys, for example if one of us finds that her keys were compromised at some point in the past?
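The non-interactive signing step described in the post, wrapped in a small CI-side guard, as an added example that is not part of the original post or of snapd/snapcraft. It assumes a passphrase-less key already created with `snapcraft create-key <name>`, a model JSON file on disk, and an assumed `SNAP_BIN` variable that lets the wrapper be exercised against a stub instead of the real `snap` binary.

```shell
#!/bin/sh
# CI wrapper around `snap sign` (added example, not code from the post).
# SNAP_BIN is an assumed knob: it defaults to the real `snap` command but
# can point at a stub when the wrapper itself is being tested.
SNAP_BIN="${SNAP_BIN:-snap}"

# Refuse to sign a model that lacks the headers every model assertion needs.
check_model_json() {
    f="$1"
    [ -s "$f" ] || { echo "model file '$f' missing or empty" >&2; return 1; }
    for field in type authority-id brand-id model series; do
        grep -q "\"$field\"" "$f" || { echo "model JSON lacks \"$field\"" >&2; return 1; }
    done
    grep -q '"type": *"model"' "$f" || { echo "type is not \"model\"" >&2; return 1; }
}

# Confirm the named key is in the local snap keyring before signing, so a
# missing key fails fast on the CI box instead of producing an empty file.
# `snap keys` prints a header line ("Name  Key-ID") followed by one key per line.
check_key_present() {
    "$SNAP_BIN" keys 2>/dev/null | awk 'NR>1 {print $1}' | grep -qx "$1"
}

# sign_model KEY MODEL_JSON OUT
# `snap sign` reads the assertion body on stdin and prints the signed assertion,
# so the output file is only kept when signing succeeded and looks signed.
sign_model() {
    key="$1"; model="$2"; out="$3"
    check_model_json "$model" || return 1
    check_key_present "$key" || { echo "key '$key' not in snap keyring" >&2; return 1; }
    "$SNAP_BIN" sign -k "$key" < "$model" > "$out" || { rm -f "$out"; return 1; }
    [ -s "$out" ] || { echo "signing produced no output" >&2; rm -f "$out"; return 1; }
    # A signed assertion names the signing key in a sign-key-sha3-384 header.
    grep -q '^sign-key-sha3-384:' "$out" || { echo "output lacks sign-key-sha3-384" >&2; rm -f "$out"; return 1; }
}
```

In a Jenkins job this runs as `sign_model passwordlesskey yourimage.json yourimage.model`; the key name check and the header check are what turn a silent bad signing run into a failed build.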