From b8190f19dced7e8f23d7d4cce44a79c81f1e0cdf Mon Sep 17 00:00:00 2001 From: floatingghost Date: Sat, 10 Sep 2022 14:44:17 +0000 Subject: [PATCH] 2022.09 stable release chores (#206) Co-authored-by: FloatingGhost Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/206 --- CHANGELOG.md | 4 +- SIGNING_KEY.pub | 2 + .../installation/verifying_otp_releases.md | 66 +++++++++++++++++++ mix.exs | 2 +- 4 files changed, 72 insertions(+), 2 deletions(-) create mode 100644 SIGNING_KEY.pub create mode 100644 docs/docs/installation/verifying_otp_releases.md diff --git a/CHANGELOG.md b/CHANGELOG.md index f63fa540c..5cd48b07c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## [Unreleased] +## 2022.09 ### Added - support for fedibird-fe, and non-breaking API parity for it to function @@ -13,9 +13,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - the ability to obfuscate domains in your MRF descriptions - automatic translation of statuses via DeepL or LibreTranslate - ability to edit posts +- ability to react with remote emoji ### Changed - MFM parsing is now done on the backend by a modified version of ilja's parser -> https://akkoma.dev/AkkomaGang/mfm-parser +- InlineQuotePolicy is now on by default ### Fixed - Compatibility with latest meilisearch diff --git a/SIGNING_KEY.pub b/SIGNING_KEY.pub new file mode 100644 index 000000000..7d8b48da8 --- /dev/null +++ b/SIGNING_KEY.pub @@ -0,0 +1,2 @@ +untrusted comment: Akkoma Signing Key public key +RWQRlw8Ex/uTbvo1wB1yK75tQ5nXKilB/vrKdkL41bgZHL9aKP+7fSS5 diff --git a/docs/docs/installation/verifying_otp_releases.md b/docs/docs/installation/verifying_otp_releases.md new file mode 100644 index 000000000..86dacfec2 --- /dev/null +++ b/docs/docs/installation/verifying_otp_releases.md @@ -0,0 +1,66 @@ +# Verifying OTP release integrity + +All stable OTP releases are cryptographically signed, to allow +you to verify the integrity if you choose to. + +Releases are signed with [Signify](https://man.openbsd.org/signify.1), +with [the public key in the main repository](https://akkoma.dev/AkkomaGang/akkoma/src/branch/develop/SIGNING_KEY.pub) + +Release URLs will always be of the form + +``` +https://akkoma-updates.s3-website.fr-par.scw.cloud/{branch}/akkoma-{flavour}.zip +``` + +Where branch is usually `stable` or `develop`, and `flavour` is +the one [that you detect on install](../otp_en/#detecting-flavour). + +So, for an AMD64 stable install, your update URL will be + +``` +https://akkoma-updates.s3-website.fr-par.scw.cloud/stable/akkoma-amd64.zip +``` + +To verify the integrity of this file, we have two helper files + +``` +# Checksums +https://akkoma-updates.s3-website.fr-par.scw.cloud/{branch}/akkoma-{flavour}.zip.sha256 + +# Signify signature of the hashes +https://akkoma-updates.s3-website.fr-par.scw.cloud/{branch}/akkoma-{flavour}.zip.sha256.sig +``` + +Thus, to upgrade manually, with integrity checking, consider the following script: + +```bash +#!/bin/bash +set -eo pipefail + +export FLAVOUR=amd64 +export BRANCH=stable + +# Fetch signing key +curl --silent https://akkoma.dev/AkkomaGang/akkoma/raw/branch/$BRANCH/SIGNING_KEY.pub -o AKKOMA_SIGNING_KEY.pub + +# Download zip file and sig files +wget -q https://akkoma-updates.s3-website.fr-par.scw.cloud/$BRANCH/akkoma-$FLAVOUR{.zip,.zip.sha256,.zip.sha256.sig} + +# Verify zip file's sha256 integrity +sha256sum --check akkoma-$FLAVOUR.zip.sha256 + +# Verify hash file's integrity +# Signify might be under the `signify` command, depending on your distribution +signify-openbsd -V -p AKKOMA_SIGNING_KEY.pub -m akkoma-$FLAVOUR.zip.sha256 + +# We're good, use that URL +echo "Update URL contents verified" +echo "use" +echo "./bin/pleroma_ctl update --zip-url https://akkoma-updates.s3-website.fr-par.scw.cloud/$BRANCH/akkoma-$FLAVOUR" +echo "to update your instance" + +# Clean up +rm akkoma-$FLAVOUR.zip +rm akkoma-$FLAVOUR.zip.sha256 +rm akkoma-$FLAVOUR.zip.sha256.sig +``` diff --git a/mix.exs b/mix.exs index ef038ce74..19e6fd045 100644 --- a/mix.exs +++ b/mix.exs @@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do def project do [ app: :pleroma, - version: version("3.1.0"), + version: version("3.2.0"), elixir: "~> 1.12", elixirc_paths: elixirc_paths(Mix.env()), compilers: [:phoenix, :gettext] ++ Mix.compilers(),