Verify signature for artifacts downloaded during elastic-agent packaging #4445
Labels
enhancement
New feature or request
Team:Elastic-Agent
Label for the Agent team
Team:Elastic-Agent-Control-Plane
Label for the Agent Control Plane team
Comments
pchila
added
Team:Elastic-Agent-Control-Plane
|
Pinging @elastic/elastic-agent (Team:Elastic-Agent) |
|
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the enhancement:
Elastic Agent downloads a lot of external archives when creating packages, we should verify the signature of such archives using the relative .asc file.
Describe a specific use case for the enhancement or feature:
Elastic Agent packaging using DRAs or external dependencies
What is the definition of done?
Every downloaded package signature is checked and if any package fails the signature check, packaging must fail
The text was updated successfully, but these errors were encountered: