Skip to content
This repository has been archived by the owner on Jul 28, 2024. It is now read-only.

Latest commit

 

History

History
21 lines (12 loc) · 2.1 KB

README.developer.md

File metadata and controls

21 lines (12 loc) · 2.1 KB

Google Cloud Platform Node.js Docker Image Developer's Guide

Adding a New Node.js Release Key

The runtime image provides an install_node script that can be used to install custom versions of Node.js. This script uses the bootstrap_node script (which uses the verify_node script) to download the requested version of Node.js and uses gpg to verify that the downloaded file was signed by a trusted key.

If a new person is added to the Node.js release team, their key will need to be added to the KEYS file, and a new runtime image will need to be released that includes the new key.

As an example, node PR #16620 added Gibson Fahnestock to Release team. The pull request specified that their key can be used via:

 gpg --keyserver pool.sks-keyservers.net --recv-keys 77984A986EBC2AA786BC0F66B01FBB92821C587A

To update the runtime image's KEYS file to use this user's key, update the gen_keys.sh to add the key 77984A986EBC2AA786BC0F66B01FBB92821C587A to the keylist array.

Then manually run the docker_gen_keys.sh script to generate a new KEYS file. The script will generate the keys within a Debian 8 Docker container to ensure a fresh installation of gpg is used when generating the keys.

The script will also output the new list of keys. You will need to update the GPG_KEYS variable in the runtime-image/test/test.ts file to include the information about the newly added key. This is needed since the test.ts file contains a test that verifies that the only keys available in the runtime image are trusted keys used to sign Node.js releases.

If possible, you should also create a structure test in test_config.yaml that verifies that key can be used to install a version of Node signed with the new key.