Page MenuHomeVyOS Platform
Create Task
Maniphest T7276

Nightly builds since 2025.03.05-0017 are not signed by the documented key
Closed, ResolvedPublic
Actions

Description

Since the nightly builds have been renamed, starting with 2025.03.05-0017, it seems that they've been signed by a different key. On https://vyos.net/get/nightly-builds/ and https://github.com/vyos/vyos-nightly-build/blob/current/minisign.pub, the documented key is:

RWSIhkR/dkM2DSaBRniv/bbbAf8hmDqdbOEmgXkf1RxRoxzodgKcDyGq

However:

❯ minisign -Vm vyos-2025.03.05-0017-rolling-generic-amd64.iso -P RWSIhkR/dkM2DSaBRniv/bbbAf8hmDqdbOEmgXkf1RxRoxzodgKcDyGq
Signature key id in vyos-2025.03.05-0017-rolling-generic-amd64.iso.minisig is 7921A9C8E4AE0F98
but the key id in the public key is 0D3643767F448688

Was this change intended? If so, could the public key be updated on the website?

Thanks!

Details

Version
2025.03.05-0017
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Related Objects

Event Timeline

chenxiaolong created this task.Sat, Mar 22, 4:46 PM
chenxiaolong created this object in space S1 VyOS Public.
pasik subscribed.Sun, Mar 23, 9:34 AM
tomwas subscribed.Sun, Mar 23, 10:58 AM
dmbaturin merged a task: T7279: VyOS nightly build signed with wrong key.Mon, Mar 24, 8:02 PM
dmbaturin added a subscriber: ruffy91.
dmbaturin subscribed.

Thanks for reporting this! At least we know people actually use the signatures. ;)

This change was not intended — it's an artifact of a CI migration. We will fix that soon.

dmbaturin closed this task as Resolved.Thu, Mar 27, 7:30 PM
dmbaturin claimed this task.

The correct signing key is back now.

$ minisign  -P RWSIhkR/dkM2DSaBRniv/bbbAf8hmDqdbOEmgXkf1RxRoxzodgKcDyGq -Vm ./vyos-2025.03.27-0018-rolling-generic-amd64.iso
Signature and comment signature verified
Trusted comment: timestamp:1743035645	file:vyos-2025.03.27-0018-rolling-generic-amd64.iso	hashed
chenxiaolong added a comment.Thu, Mar 27, 9:36 PM

Thanks for the quick fix!