Skip to content

Commit 459704c

Browse files
PettitWesleyPettitWesley
committed
Added the Amazon ECS PGP Public Key; added instructions for verifying signatures.
1 parent a9d7a96 commit 459704c

File tree

2 files changed

+171
-0
lines changed

2 files changed

+171
-0
lines changed

README.md

Lines changed: 86 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@ Line Interface](http://aws.amazon.com/cli/) product detail page.
1919
- [Latest version](#latest-version)
2020
- [Download Links for within China](#download-links-for-within-china)
2121
- [Download specific version](#download-specific-version)
22+
- [Verifying Signatures](#verifying-signatures)
2223
- [Configuring the CLI](#configuring-the-cli)
2324
- [ECS Profiles](#ecs-profiles)
2425
- [Cluster Configurations](#cluster-configurations)
@@ -84,6 +85,91 @@ downloading, remember to rename the binary file to `ecs-cli`.
8485
* [https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-windows-amd64-v1.0.0.exe](https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-windows-amd64-v1.0.0.exe)
8586
* [https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-windows-amd64-v1.0.0.md5](https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-windows-amd64-v1.0.0.md5)
8687

88+
### Verifying Signatures
89+
90+
If you wish to verify your ECS CLI download, you can use the PGP Signatures.
91+
92+
#### 1. Install [GnuPG](https://www.gnupg.org/)
93+
94+
###### Linux
95+
96+
Install `gpg` using the package manager on your flavor of linux.
97+
98+
###### Mac
99+
100+
One easy way is to use Homebrew, a package manager for OS X. Install Homebrew using the [instructions on its site](https://brew.sh/).
101+
102+
```
103+
brew install gnupg
104+
```
105+
106+
###### Windows
107+
108+
Go to the GnuPG [download page](https://gnupg.org/download/) and download the simple installer for Windows. Use the installer to install the GPG tool.
109+
110+
#### 2. Import the Amazon ECS PGP Public Key
111+
112+
You can find the Public Key in our GitHub Repo, in the file [amazon-ecs-public-key.gpg](amazon-ecs-public-key.gpg).
113+
114+
```
115+
gpg --import amazon-ecs-public-key.gpg
116+
```
117+
118+
Key Metadata:
119+
120+
- Key ID: 0x2D51784F
121+
- Type: RSA
122+
- Size: 4096/4096
123+
- Expires: Never
124+
- User ID: Amazon ECS <ecs-security@amazon.com>
125+
- Key fingerprint: F34C 3DDA E729 26B0 79BE AEC6 BCE9 D9A4 2D51 784F
126+
127+
#### 4. Downloading Signatures
128+
129+
ECS CLI signatures are ascii armored detached PGP signatures stored in files with the extension ".asc". The signatures file will have the same name as its corresponding executable with ".asc" appended. In the
130+
131+
###### Mac
132+
```
133+
curl -o ecs-cli.asc https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-darwin-amd64-latest.asc
134+
```
135+
136+
###### Linux
137+
```
138+
curl -o ecs-cli.asc https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest.asc
139+
```
140+
141+
###### Windows
142+
```
143+
PS C:\> Invoke-WebRequest -OutFile ecs-cli.asc https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-windows-amd64-latest.exe.asc
144+
```
145+
#### 4. Verifying a Signature
146+
147+
Assuming you installed the ECS CLI in the recommended location for your platform:
148+
149+
###### Mac and Linux
150+
```
151+
gpg --verify ecs-cli.asc /usr/local/bin/ecs-cli
152+
```
153+
###### Windows
154+
```
155+
gpg --verify ecs-cli.asc C:\Program Files\Amazon\ECSCLI\ecs-cli.exe
156+
```
157+
158+
Expected output:
159+
160+
```
161+
gpg: Signature made Tue Apr 3 13:29:30 2018 PDT
162+
gpg: using RSA key DE3CBD61ADAF8B8E
163+
gpg: Good signature from "Amazon ECS <ecs-security@amazon.com>" [unknown]
164+
gpg: WARNING: This key is not certified with a trusted signature!
165+
gpg: There is no indication that the signature belongs to the owner.
166+
Primary key fingerprint: F34C 3DDA E729 26B0 79BE AEC6 BCE9 D9A4 2D51 784F
167+
Subkey fingerprint: EB3D F841 E2C9 212A 2BD4 2232 DE3C BD61 ADAF 8B8E
168+
```
169+
170+
The warning in the output is expected and is not problematic; it occurs because there is not a chain of trust between your personal PGP key (if you have one) and the Amazon ECS PGP key. For more information, learn about the [Web of trust](https://en.wikipedia.org/wiki/Web_of_trust).
171+
172+
87173
## Configuring the CLI
88174

89175
The Amazon ECS CLI requires some basic configuration information before you can use it, such as your

amazon-ecs-public-key.gpg

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
-----BEGIN PGP PUBLIC KEY BLOCK-----
2+
Version: GnuPG v2.0.22 (GNU/Linux)
3+
4+
mQINBFq1SasBEADliGcT1NVJ1ydfN8DqebYYe9ne3dt6jqKFmKowLmm6LLGJe7HU
5+
jGtqhCWRDkN+qPpHqdArRgDZAtn2pXY5fEipHgar4CP8QgRnRMO2fl74lmavr4Vg
6+
7K/KH8VHlq2uRw32/B94XLEgRbGTMdWFdKuxoPCttBQaMj3LGn6Pe+6xVWRkChQu
7+
BoQAhjBQ+bEm0kNy0LjNgjNlnL3UMAG56t8E3LANIgGgEnpNsB1UwfWluPoGZoTx
8+
N+6pHBJrKIL/1v/ETU4FXpYw2zvhWNahxeNRnoYj3uycHkeliCrw4kj0+skizBgO
9+
2K7oVX8Oc3j5+ZilhL/qDLXmUCb2az5cMM1mOoF8EKX5HaNuq1KfwJxqXE6NNIcO
10+
lFTrT7QwD5fMNld3FanLgv/ZnIrsSaqJOL6zRSq8O4LN1OWBVbndExk2Kr+5kFxn
11+
5lBPgfPgRj5hQ+KTHMa9Y8Z7yUc64BJiN6F9Nl7FJuSsfqbdkvRLsQRbcBG9qxX3
12+
rJAEhieJzVMEUNl+EgeCkxj5xuSkNU7zw2c3hQZqEcrADLV+hvFJktOz9Gm6xzbq
13+
lTnWWCz4xrIWtuEBA2qE+MlDheVd78a3gIsEaSTfQq0osYXaQbvlnSWOoc1y/5Zb
14+
zizHTJIhLtUyls9WisP2s0emeHZicVMfW61EgPrJAiupgc7kyZvFt4YwfwARAQAB
15+
tCRBbWF6b24gRUNTIDxlY3Mtc2VjdXJpdHlAYW1hem9uLmNvbT6JAjkEEwECACMF
16+
Alq1SasCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRC86dmkLVF4T9iF
17+
EACEnkm1dNXsWUx34R3c0vamHrPxvfkyI1FlEUen8D1huX9xy6jCEROHWEp0rjGK
18+
4QDPgM93sWJ+s1UAKg214QRVzft0y9/DdR+twApA0fzyuavIthGd6+03jAAo6udY
19+
DE+cZC3P7XBbDiYEWk4XAF9I1JjB8hTZUgvXBL046JhGeM17+crgUyQeetkiOQem
20+
LbsbXQ40Bd9V7zf7XJraFd8VrwNUwNb+9KFtgAsc9rk+YIT/PEf+YOPysgcxI4sT
21+
WghtyCulVnuGoskgDv4v73PALU0ieUrvvQVqWMRvhVx10X90J7cC1KOyhlEQQ1aF
22+
TgmQjmXexVTwIBm8LvysFK6YXM41KjOrlz3+6xBIm/qebFyLUnf4WoiuOplAaJhK
23+
9pRY+XEnGNxdtN4D26Kd0F+PLkm3Tr3Hy3b1Ok34FlGrKVHUq1TZD7cvMnnNKEEL
24+
TUcKX+1mV3an16nmAg/my1JSUt6BNK2rJpY1s/kkSGSEXQ4zuF2IGCpvBFhYAlt5
25+
Un5zwqkwwQR3/n2kwAoDzonJcehDw/C/cGos5D0aIU7IK2X2aTD3+pA7Mx3IMe2h
26+
qmYqRt9X42yF1PIEVRneBRJ3HDezAgJrNh0GQWRQkhIxgz6/cTR+ekr5TptVszS9
27+
few2GpI5bCgBKBisZIssT89aw7mAKWut0Gcm4qM9/yK61bkCDQRatUmrARAAxNPv
28+
VwreJ2yAiFcUpdRlVhsuOgnxvs1QgsIw3H7+Pacr9Hpe8uftYZqdC82KeSKhpHq7
29+
c8gMTMucIINtH25x9BCc73E33EjCL9Lqov1TL7+QkgHeT+JIhZwdD8Mx2K+LVVVu
30+
/aWkNrfMuNwyDUciSI4D5QHa8T+F8fgN4OTpwYjirzel5yoICMr9hVcbzDNv/ozK
31+
Cxjx+XKgnFc3wrnDfJfntfDAT7ecwbUTL+viQKJ646s+psiqXRYtVvYInEhLVrJ0
32+
aV6zHFoigE/Bils6/g7ru1Q6CEHqEw++APs5CcE8VzJuWAGSVHZgun5Y9N4quR/M
33+
9Vm+IPMhTxrAg7rOvyRN9cAXfeSMf77I+XTifigNna8xt/MOdjXr1fjF4pThEi5u
34+
6WsuRdFwjY2azEv3vevodTi4HoJReH6dFRa6y8c+UDgl2iHiOKIpQqLbHEfQmHcD
35+
d2fix+AaJKMnPGNku9qCFEMbgSRJpXz6BfwnY1QuKE+IR6jA0frUNt2jhiGG/F8R
36+
ceXzohaaC/Cx7LUCUFWc0n7z32C9/Dtj7I1PMOacdZzzbjJzRKO/ZDv+UN/c9dwA
37+
kllzAyPMwGBkUaY68EBstnIliW34aWm6IiHhxioVPKSpVJfyiXPO0EXqujtHLAeC
38+
hfjcns3I12YshT1dv2PafG53fp33ZdzeUgsBo+EAEQEAAYkCHwQYAQIACQUCWrVJ
39+
qwIbDAAKCRC86dmkLVF4T+ZdD/9x/8APzgNJF3o3STrFjvnV1ycyhWYGAeBJiu7w
40+
jsNWwzMFOv15tLjB7AqeVxZn+WKDD/mIOQ45OZvnYZuyX7DR0JszaH9wrYTxZLVr
41+
uAu+t6UL0y/XQ4L1GZ9QR6+r+7t1Mvbfy7BlHbvX/gYtRwe/uwdibI0CagEzyX+2
42+
D3kTOlHO5XThbXaNf8AN8zha91Jt2Q2UR2X5T6JcwtMzFBvZnl3LSmZyE0EQehS2
43+
iUurU4uWOpGppuqVnbi0jbCvCHKgDGrqZ0smKNAQng54F365W3g8AfY48s8XQwzm
44+
cliowYX9bT8PZiEi0J4QmQh0aXkpqZyFefuWeOL2R94SXKzr+gRh3BAULoqF+qK+
45+
IUMxTip9KTPNvYDpiC66yBiT6gFDji5Ca9pGpJXrC3xeTXiKQ8DBWDhBPVPrruLI
46+
aenTtZEOsPc4I85yt5U9RoPTStcOr34s3w5yEaJagt6SGc5r9ysjkfH6+6rbi1uj
47+
xMgROSqtqr+RyB+V9A5/OgtNZc8llK6u4UoOCde8jUUWvqWKvjJB/Kz3u4zaeNu2
48+
ZyyHaOqOuH+TETcW+jsY9IhbEzqN5yQYGi4pVmDkY5vulXbJnbqPKpRXgM9BecV9
49+
AMbPgbDq/5LnHJJXg+G8YQOgp4lR/hC1TEFdIp5wM8AKCWsENyt2o1rjgMXiZOMF
50+
8A5oBLkCDQRatUuSARAAr77kj7j2QR2SZeOSlFBvV7oSmFeSNnz9xZssqrsm6bTw
51+
SHM6YLDwc7Sdf2esDdyzONETwqrVCg+FxgL8hmo9hS4crR6tmrP0mOmptr+xLLsK
52+
caP7ogIXsyZnrEAEsvW8PnfayoiPCdc3cMCR/lTnHFGA7EuR/XLBmi7Qg9tByVYQ
53+
5Yj5wB9V4B2yeCt3XtzPqeLKvaxl7PNelaHGJQY/xo+mV0bndxf9IY+4oFJ4blD3
54+
2WqvyxESo7vW6WBh7oqv3Zbm0yQrr8a6mDBpqLkvWwNI3kpJR974tg5o5LfDu1Be
55+
eyHWPSGm4U/G4JB+JIG1ADy+RmoWEt4BqTCZ/knnoGvwD5sTCxbKdmuOmhGyTsso
56+
G+3OOcGYHV7pWYPhazKHMPm201xKCjH1RfzRULzGKjD+yMLT1I3AXFmLmZJXikAO
57+
lvE3/wgMqCXscbycbLjLD/bXIuFWo3rzoezeXjgi/DJxjKBAyBTYO5nMcth1O9oa
58+
Fd9d0HbsOUDkIMnsgGBE766Piro6MHo0T0rXl07Tp4pIrwuSOsc6XzCzdImj0Wc6
59+
axS/HeUKRXWdXJwno5awTwXKRJMXGfhCvSvbcbc2Wx+LIKvmB7EB4K3fmjFFE67y
60+
olmiw2qRcUBfygtH3eL5XZU28MiCpue8Y8GKJoBAUyvfKeM1rO8Jm3iRAc5a/D0A
61+
EQEAAYkEPgQYAQIACQUCWrVLkgIbAgIpCRC86dmkLVF4T8FdIAQZAQIABgUCWrVL
62+
kgAKCRDePL1hra+LjtHYD/9MucxdFe6bXO1dQR4tKhhQP0LRqy6zlBY9ILCLowNd
63+
GZdqorogUiUymgn3VhEhVtxTOoHcN7qOuM01PNsRnOeSEYjf8Xrb1clzkD6xULwm
64+
OclTb9bBxnBc/4PFvHAbZW3QzusaZniNgkuxt6BTfloSOf4inq71kjmGK+TlzQ6m
65+
UMQUg228NUQC+a84EPqYyAeY1sgvgB7hJBhYL0QAxhcW6m20Rd8iEc6HyzJ3yCOC
66+
sKip/nRWAbf0OvfHfRBp0+m0ZwnJM8cPRFjOqqzFpKH9HpDmTrC4wKP1+TL52LyE
67+
qNh4yZitXmZNV7giSRIkk0eDSko+bFy6VbMzKUMkUJK3D3eHFAMkujmbfJmSMTJO
68+
PGn5SB1HyjCZNx6bhIIbQyEUB9gKCmUFaqXKwKpF6rj0iQXAJxLR/shZ5Rk96Vxz
69+
OphUl7T90m/PnUEEPwq8KsBhnMRgxa0RFidDP+n9fgtvHLmrOqX9zBCVXh0mdWYL
70+
rWvmzQFWzG7AoE55fkf8nAEPsalrCdtaNUBHRXA0OQxGAHMOdJQQvBsmqMvuAdjk
71+
DWpFu5y0My5ddU+hiUzUyQLjL5Hhd5LOUDdewlZgIw1jxrEAUzDKetnemM8GkHxD
72+
gg8koev5frmShJuce7vSjKpCNg3EIJSgqMOPFjJuLWtZvjHeDNbJy6uNL65ckJy6
73+
WhGjEADS2WAW1D6Tfekkc21SsIXk/LqEpLMR/0g5OUifwcEN1rS9IJXBwIy8MelN
74+
9qr5KcKQLmfdfBNEyyceBhyVl0MDyHOKC+7PofMtkGBq13QieRHv5GJ8LB3fclqH
75+
V8pwTTo3Bc8z2g0TjmUYAN/ixETdReDoKavWJYSE9yoMaaJu279ioVTrwpECse0X
76+
kiRyKToTjwOb73CGkBZZpJyqux/rmCV/fp4ALdSW8zbzFJVORaivhoWwzjpfQKhw
77+
cU9lABXi2UvVm14v0AfeI7oiJPSU1zM4fEny4oiIBXlRzhFNih1UjIu82X16mTm3
78+
BwbIga/s1fnQRGzyhqUIMii+mWra23EwjChaxpvjjcUH5ilLc5Zq781aCYRygYQw
79+
+hu5nFkOH1R+Z50Ubxjd/aqUfnGIAX7kPMD3Lof4KldDQ8ppQriUvxVo+4nPV6rp
80+
Ty/PyqCLWDjkguHpJsEFsMkwajrAz0QNSAU5CJ0G2Zu4yxvYlumHCEl7nbFrm0vI
81+
iA75Sa8KnywTDsyZsu3XcOcf3g+g1xWTpjJqy2bYXlqz9uDOWtArWHOis6bq8l9R
82+
E6xr1RBVXS6uqgQIZFBGyq66b0dIq4D2JdsUvgEMaHbce7tBfeB1CMBdA64e9Rq7
83+
bFR7Tvt8gasCZYlNr3lydh+dFHIEkH53HzQe6l88HEic+0jVnA==
84+
=LqgN
85+
-----END PGP PUBLIC KEY BLOCK-----

0 commit comments

Comments
 (0)