In order to ensure the authenticity and integrity of our migrations we use GnuPG.
Along with all the SQL migrations we provide a ASC file that allows you to verity each file.
For example, to verify iriusrisk-2.3.0.sql file you need perform the following:
1. Download iriusrisk-2.3.0.sql and iriusrisk-2.3.0.sql.asc files:
$ curl https://iriusrisk.s3-eu-west-1.amazonaws.com/4d76d6f8ff4196e97139ae78eb5329e7baa9006b/migrations/iriusrisk-2.3.0.sql > iriusrisk-2.3.0.sql
$ curl https://iriusrisk.s3-eu-west-1.amazonaws.com/4d76d6f8ff4196e97139ae78eb5329e7baa9006b/migrations/iriusrisk-2.3.0.sql.asc > iriusrisk-2.3.0.sql.asc
2. Download our GPG Public Key and save it as continuumsignature.gpg. Import it into GPG.
$ gpg --import continuumsignature.gpg
3. Verity.
$ gpg --verify iriusrisk-2.3.0.sql.asc iriusrisk-2.3.0.sql
In the out you should see the message:
Good signature from "Continuum Security <info@continuumsecurity.net>"
Comments
0 comments
Article is closed for comments.