ASC Signature File for Commercial Releases

docker
sonarqube

(Gash Teshome) #1
  • Which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube 7.3 Developer Edition
  • What are you trying to achieve
    I am trying to build Docker images of Developer Edition (7.3) based on the Dockefiles from https://github.com/SonarSource/docker-sonarqube. One issue I’m running into is that I cannot find an ASC signature (*.asc) file from https://www.sonarqube.org/downloads/. The Dockerfiles use the .asc file to verify the SQ binary before install. Does SonarSource provide ASC signature files for commercial releases?
  • What have you tried so far to achieve this
    For the moment I have commented out the verification step to build the Docker image but I would prefer to have the ability to verify the binary during the image build.

(Colin Mueller) #3

Gash,

Indeed, the ASC signatures are available. Checkout https://sonarsource.bintray.com/CommercialDistribution/sonarqube-developer/ where you can find the ASC signature for the Developer Edition of 7.3.

Colin


(Gash Teshome) #4

Excellent! Thank you!