From a4e2b7acbb2584737c5fa2f63c5f7ee231f8b084 Mon Sep 17 00:00:00 2001 From: Dorian Stoll Date: Mon, 20 Jan 2020 12:29:48 +0100 Subject: [PATCH] Move secureboot certificate to a GH actions secret This also renames the variable for the GPG key to SURFACE_GPG_KEY, since it doesn't really have anything to do with github. Signed-off-by: Dorian Stoll --- .github/workflows/release.yml | 34 ++++++------- pkg/fedora/kernel-surface/surface.crt | 26 ---------- pkg/fedora/kernel-surface/surface.key.asc | 45 ------------------ pkg/fedora/surface-secureboot/surface.cer | Bin 1117 -> 0 bytes .../gpg/surface_gpg.asc => keys/surface.asc} | 0 .../sb/surface_sb.cer => keys/surface.cer} | Bin .../sb/surface_sb.crt => keys/surface.crt} | 0 pkg/secrets/.gitignore | 2 - pkg/secrets/decrypt.sh | 21 -------- pkg/secrets/gpg/surface_gpg.key.gpg | Bin 5130 -> 0 bytes pkg/secrets/sb/surface_sb.key.gpg | Bin 2596 -> 0 bytes 11 files changed, 18 insertions(+), 110 deletions(-) delete mode 100644 pkg/fedora/kernel-surface/surface.crt delete mode 100644 pkg/fedora/kernel-surface/surface.key.asc delete mode 100644 pkg/fedora/surface-secureboot/surface.cer rename pkg/{secrets/gpg/surface_gpg.asc => keys/surface.asc} (100%) rename pkg/{secrets/sb/surface_sb.cer => keys/surface.cer} (100%) rename pkg/{secrets/sb/surface_sb.crt => keys/surface.crt} (100%) delete mode 100644 pkg/secrets/.gitignore delete mode 100755 pkg/secrets/decrypt.sh delete mode 100644 pkg/secrets/gpg/surface_gpg.key.gpg delete mode 100644 pkg/secrets/sb/surface_sb.key.gpg diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a8c6699a6..040f8c2d7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,8 +10,7 @@ on: name: Create kernel release and upload binaries env: - KEY_ID: C1F105E07DA59F2C - KEY_NAME: surface-linux + GPG_KEY_ID: C1F105E07DA59F2C jobs: build-arch: @@ -50,7 +49,7 @@ jobs: - name: Sign packages env: - GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }} + GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }} run: | cd release @@ -59,7 +58,7 @@ jobs: export GPG_TTY=$(tty) # sign packages - ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty -u $KEY_ID + ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty -u $GPG_KEY_ID - name: Upload artifacts uses: actions/upload-artifact@v1 @@ -129,14 +128,14 @@ jobs: - name: Sign packages env: - GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }} + GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }} run: | # import GPG key echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes export GPG_TTY=$(tty) # sign package - dpkg-sig -g "--batch --no-tty" --sign builder -k $KEY_ID release/*.deb + dpkg-sig -g "--batch --no-tty" --sign builder -k $GPG_KEY_ID release/*.deb - name: Upload artifacts uses: actions/upload-artifact@v1 @@ -158,23 +157,26 @@ jobs: dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)' dnf builddep -y pkg/fedora/kernel-surface/kernel-surface.spec - - name: Setup certificates + - name: Setup secureboot certificate env: - LS_PASSWORD: ${{ secrets.LS_PASSWORD }} + SB_KEY: ${{ secrets.SURFACE_SB_KEY }} run: | - pkg/secrets/decrypt.sh -p "$LS_PASSWORD" -f pkg/secrets/sb/surface_sb.key.gpg - cp pkg/secrets/sb/surface_sb.key pkg/fedora/kernel-surface/surface.key - cp pkg/secrets/sb/surface_sb.crt pkg/fedora/kernel-surface/surface.crt + cd pkg + + # Install the surface secureboot certificate + echo "$SB_KEY" | base64 -d > fedora/kernel-surface/surface.key + cp keys/surface.crt fedora/kernel-surface/surface.crt - name: Build packages run: | - pushd pkg/fedora/kernel-surface - ../makerpm - popd + cd pkg/fedora/kernel-surface + + # Build the .rpm packages + ../makerpm - name: Sign packages env: - GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }} + GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }} run: | cd pkg/fedora/kernel-surface/out/x86_64 @@ -182,7 +184,7 @@ jobs: echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes # sign packages - rpm --resign *.rpm --define "_gpg_name $KEY_NAME" + rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID" - name: Upload artifacts uses: actions/upload-artifact@v1 diff --git a/pkg/fedora/kernel-surface/surface.crt b/pkg/fedora/kernel-surface/surface.crt deleted file mode 100644 index d458e5b66..000000000 --- a/pkg/fedora/kernel-surface/surface.crt +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEWTCCA0GgAwIBAgIUXswTRJ9wc3c/U0VZ/zn4gZEQP9AwDQYJKoZIhvcNAQEL -BQAwgZMxCzAJBgNVBAYTAkRFMRQwEgYDVQQIDAtCcmFuZGVuYnVyZzEQMA4GA1UE -BwwHUG90c2RhbTEVMBMGA1UECgwMRG9yaWFuIFN0b2xsMSAwHgYDVQQDDBdTZWN1 -cmUgQm9vdCBTaWduaW5nIEtleTEjMCEGCSqGSIb3DQEJARYUZG9yaWFuLnN0b2xs -QHRtc3AuaW8wIBcNMTkwNDIzMjI0NjM4WhgPMjExOTAzMzAyMjQ2MzhaMIGTMQsw -CQYDVQQGEwJERTEUMBIGA1UECAwLQnJhbmRlbmJ1cmcxEDAOBgNVBAcMB1BvdHNk -YW0xFTATBgNVBAoMDERvcmlhbiBTdG9sbDEgMB4GA1UEAwwXU2VjdXJlIEJvb3Qg -U2lnbmluZyBLZXkxIzAhBgkqhkiG9w0BCQEWFGRvcmlhbi5zdG9sbEB0bXNwLmlv -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6RzT8ewIgYtLd8YQA56 -BMCGXBrauzmYvABaNomTPZPbeLrqIbt3lMaA++yzYWOXjZs9aa31njgrw0I1wqMP -DAMMYQAOVBa9Oyp7NzvfHCRYXpZ0k2B3URFVQapVqCs+4l2eEf/36xoqNG+cVMzb -mbv19/PU2w4Xc7sLr1h/S3jkvs/I8tuLzxPY9rQsnxeOJz+WanVBkJ7YeQEpqnYV -xb/ABHaxmJ7TH42BrwwSljVgKRmONTzmWPqBb7cNNac90hjwKH7J6mAdaHmtUUdV -IG2NigS+x3+H2F+C9ePiP29Ge3QIR6ow82k9avgDdngRqTKwalHiMDMhG25n9UIh -cwIDAQABo4GgMIGdMB0GA1UdDgQWBBTBi7Ab2CFO1DJIKqoMHDb/sCgu2DAfBgNV -HSMEGDAWgBTBi7Ab2CFO1DJIKqoMHDb/sCgu2DAMBgNVHRMBAf8EAjAAMB8GA1Ud -JQQYMBYGCCsGAQUFBwMDBgorBgEEAYI3CgMGMCwGCWCGSAGG+EIBDQQfFh1PcGVu -U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAnSSC -xOAGG2QBALMU7IuThbuvcEubY51WOK5sWUTZ6YR6AfcCxDGbTSwk7lqaZ/RgWes1 -knu0rZ0/s+VUoH5zO9MWOlm+Ji6JxjMh4BfZoQksp8hMCzGzZEIQGdwVhCCw9Wg4 -En2TO/5/HjeXRtP1Eapt7vllDBangB5/xrMXIUq/7oDnjZHx3e7X456ZUq2Lkg2k -gPEhaCEdXEnxQo+eYGxeGxjGMq4QXTYzf2klbNImiTDY6kI0pg+yz80o8Rbk4Sdm -YzK3F/oJ1xaC4PL4ho6tVcFSyA+Tclg9dhjgJxsL9Le79HmU2pzXK6D6cpXg7LLp -whMV7LE6d/r3SkvHNQ== ------END CERTIFICATE----- diff --git a/pkg/fedora/kernel-surface/surface.key.asc b/pkg/fedora/kernel-surface/surface.key.asc deleted file mode 100644 index f60909c30..000000000 --- a/pkg/fedora/kernel-surface/surface.key.asc +++ /dev/null @@ -1,45 +0,0 @@ ------BEGIN PGP MESSAGE----- - -hQIMA0kEEAV+39rqAQ/9HMJOBLFEWfScG8cDFYzQuxT59Pb5nBkQDiNmPaFIgPZ6 -b9fZ59zhTPxLpqUtb5NirR066Ywx0+bLF4G58hRc7GmpTa0N7kgXO89zxm+27zHE -Pb/mdAzCI0SyXjgs1duBdPgvmxhxN+0ejI3wa2QBGeW88V6+8vlqXlNjQo0FZANp -uRH31MCurdMBF2eNkFjuwRPbplQWPy5yZQSgNiw92W3RkWIeGThzp0nRPSb/SAP9 -6Ls1CEgVf64SzXsisxXksFSeyMgjMhwZkAgDjBhlTf3QJg3AyXu6TZeqUU/x7ZLz -xFqUL65rwfMLjKhrZhpQFCsJkvVQ8eNOkHeD6TOd2xKZ8+alG5Q1Q+j6GQLAYQRD -+ChV6cJCY3WlH2Uqf31HS5RxrT1Bnk7DSJeSFpJijA15OCsABeeHOu8uszyHv00I -VfV7sZ6nnNM3Kw8d3BJg4pWJSeYe1Iys2Zlo4KTV0q8jFpmbz9JnhhZ1pe7xGMZz -r0KfRexgCOXukAzLlJd5tt+bQFkw8ceqFbZeRBo1xbgjYgzIBmNKHJWWJh6L+Hcg -HmhXi/z7OZHtpNs3loeb/uTvItv39MBbh6zNDpKhLncmOXDFteVdFaxaC1h77LPW -scIeAHXlFxYbuYKXMaygjB8z9nPa6lOpPbz/wYslZWxue/2rcVoro4uphrEMsxnS -6gH5jrmBss+62xrAd7UBVB01qt9u3d6vxlcA9lsuYG7YgpfdLDhG0dPQAHERgyfn -HMp6m4l7JV7dpTwJgGcb42IgREQGxsAPwGbr0OY+3giMCh/YB5hJaiM2qVk7WajS -hIowFPIxpjdB0K71rLrkunBikgsuJHgem9MLpT9FrSVU4uOi2HYSLm6Afa5X2c3G -k/fWDvrK9U37pl5NPRT9Q+01MCjKD0s44vKqFW71Y7vYllZko8pNrPqF+lC4UyYj -yXVRD3VNRLzf2PxQmKNNSncurYF312zEKkcLRhmhPm2LcG19ADy6tEGtzSxzPOdI -daczY0yF/CxF7QbdYyOMvVdEYVGhhf36ZYfB+LmIj1j7mHJlbMSvC0yTaOhEf7rZ -rQbhkjhomyMgdphIAm0kFDZfk2sbYlUFt+vlwKckhIAe2wMBFhjQXThkegOJfRK6 -Wo4ob2E8ZVhOOrwbFKLrF9kDPSZ/TZe/xVAkaGKmcCVNtLitfcMaOVlPujVzLFAJ -NMlWp+jn4XGXlRgGtEhnU/QUIbjHhgMwe3eYAMeWxePJ7KmW2Vlw9lraqwMo+hxZ -7ShN5d2nZmz7GnUpP1iprTl3Cwqr/QOrUQpZpa4iMWrm2HIStPKi+qAxamkltKwq -iAdDPzggCQC5Z92/xc6i5gqhE/Rvto3ZaikMSgrTg/B2qtbhwMiXju0QvO80h27b -y1peU37nvqo6lOlHInEiOTU8o18zmXeOC9Io4vZTqLAwVqJt5kQWGnAqpkqYQ/dV -xUhuhKTj6W8szNiB6diOJR/TrLJIueLfV9EiekIz3p7hfFOC1Czb2jrXYjTvz7Ri -qVB6Ia9ibCADD/b/Grlte2H38uhfdJ5qE/ew5o4S4vkNwwhJlzv+cs6N5rsVVCzj -Q/pSlvTHRN8aCtWuAGcOvtvUKdjnSvcpGCS8BKzoc+1cZv4o9e37eQXfwekvst+R -Vnj6J73il/HeSlUsBfairCyjlvHVBwkdxT7Iz7P0I7Mnr1P1McUiEaKfGcHrANqT -QAM5JGc1fAnKlzCLDLrTM7fycIE4XhKfFFpmX1oDWNvPwJm+fNMx6yLt4FqxMJZo -gcu2y7hHawgxP+yBChjqILZj2786HfwgQ5ydb9FqtbPes/8dz9HcoxFz+Fdwywn7 -EFSs1S1xlAuAwDkrJ9e+00fYzdpBjpL2HB6kvz/DT9uVWNi2CuMXAgZ9gLUGUHJw -CxAWouINNi7h4t9N71zZP9OkMsh7qQduT7ow1eXW1Chzc1XgSvK0UvNl2GN2iQu1 -mIt52rWRTW8i0K0r18FRH8RhqxbYmxfkxHNNKyz+cAGG8HSEpT3W4q4S4z8kVyXp -w8RRqUDPUFE/zM8LMe+exdjAsvP7z5gX22GmlHmIcwFcpVakc88gz+NcZ6Yvl5q3 -ZrB0tV/9hWLCoHC5cmdl9s6vsfZFKCmwm0otBkuUM/hK17AVaNqxCiNHVzh+x+gd -VHpm/qzAuALH151CN+0U6G/4LtQxU9YUydQ1Xzb6pNuBP8ckA8FFics3QNSrvXvM -aPFUyOGwx5Vp3d4EMp+YCWVwGnFY5vsUsImJU122eBTCVugB3iz3Vr/4brbSZlft -Fs4JeJ+Ju9zQLsDYpeD3cVMbzKtxwdv9jHfofkl6muN0j+jBJPef1uzXrff1IGTx -Y8peLxpFfu32N6EnhZZRRxX5V0p/gud546/nb+uiOYeT/Cms0bAUXTu519TEVoSR -p6MGjQ9F6KBugy4FfYMOJ4wmMMvxzh0dZj7xDjPD7tPogo/ZOpQkf9QlupmqO//4 -s5Tm9vGSvWREo0lfVtR36v2raIyDjwUz05gkxxvv5A3Spy0KOdEOwMAmFGSIJUWH -TY4Nme0= -=XFHW ------END PGP MESSAGE----- diff --git a/pkg/fedora/surface-secureboot/surface.cer b/pkg/fedora/surface-secureboot/surface.cer deleted file mode 100644 index 48cb60e862ac45ad6bae6a0192d53ee4f8952cb7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1117 zcmXqLVu>_pVs>1>%*4pVBocQ<*kyh}ak+i4Yvg~+AB__Q>@OJbvTjAOzxY@Nhd7CFZ51<|UODr5g$u@PS0xdDsK;ONvtx za}7legh3))JUlM>MVX0t3c)4$IXQ+3267-_W*+h2)a25lR0XH}{1S!W%=Em>ymSTc z)Jj8T14XzCI2px6Qo!2vib2{PN^*+}^fL1e6vTNAEe%YJjE#&;%#1CfB>0UCfdah2~+CFB5RWMyD(V&rEqXkz4IYGPz$*uSLM|M&(aHeKEO5)OP-EC>Pgp~d_>%shzZLvDs+Xm-J{rfg8#q2meMlGpA&NC_RQU1zkj}Rn@_xW zH~0F8dhd!S`_7;Ebi4b!@QrUDs`MN??xq~=BhH$qx%oAlx>_b@3MSv z<9Z&UX{HI9l6|H&&mw*`=5OaUU2c0x;)6!r$yW)o8I@}T-9r^}d%IZn9j|Y{5#RLn z@gw_ux9SoO_f-a;Gi|eeFqc&bt~A<^75K=&SW!AJ{i~B=F%vT*1LNYx1qO|C4P=1{ zMV606j78*N_Xg=3ihfs&JhWEv$e8`#prLoeKprHm%pzeR)_`3B4@iM9BjbM-CIbeD za#fIWHV$nzMpjmKW@a`nAd7{u$()Os%|M5ZGoj6cvF(QwBQJ}*n5=(6YF==#kAiz@ zUTRTdNotCMb81mZW?E)4kb@kFz+3{1L`H_WDosZout}#dGHe!k(>=L$_xb|w*~xRm zEY{^jy4-x(QpNb4>4@QMUmcZqQM1y&Bt*V8om9PL?OglKPeT^e6XIZ-7bF>T$TIoXDW}_@&>v3 zW1Gblz4pIrc-}klDQYi3-Z zshV?1t<&JfD<_j>{F~07)%Ym(eoVwq+6z p)TOz}ha*R>b?Dw_J>&8C-!ghk(Mv?~Ag-OKy9DFAhBiWmR@ diff --git a/pkg/secrets/gpg/surface_gpg.asc b/pkg/keys/surface.asc similarity index 100% rename from pkg/secrets/gpg/surface_gpg.asc rename to pkg/keys/surface.asc diff --git a/pkg/secrets/sb/surface_sb.cer b/pkg/keys/surface.cer similarity index 100% rename from pkg/secrets/sb/surface_sb.cer rename to pkg/keys/surface.cer diff --git a/pkg/secrets/sb/surface_sb.crt b/pkg/keys/surface.crt similarity index 100% rename from pkg/secrets/sb/surface_sb.crt rename to pkg/keys/surface.crt diff --git a/pkg/secrets/.gitignore b/pkg/secrets/.gitignore deleted file mode 100644 index a9fa0e9e1..000000000 --- a/pkg/secrets/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -surface_sb.key -surface_gpg.key diff --git a/pkg/secrets/decrypt.sh b/pkg/secrets/decrypt.sh deleted file mode 100755 index 3fd808779..000000000 --- a/pkg/secrets/decrypt.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/sh - -PASS="" -FILE="" - -while getopts ":p:f:" args; do - case "$args" in - p) - PASS=$OPTARG - ;; - f) - FILE=$OPTARG - ;; - esac -done -shift $((OPTIND-1)) - -OUTPUT=$(echo $FILE | sed 's/.gpg$//g') - -gpg --quiet --no-tty --batch --yes --decrypt \ - --passphrase="$PASS" --output $OUTPUT $FILE diff --git a/pkg/secrets/gpg/surface_gpg.key.gpg b/pkg/secrets/gpg/surface_gpg.key.gpg deleted file mode 100644 index e510d65d51d9dc453c00f6a53b2f00aff30f6773..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5130 zcmV+l6!q(j4Fm}T0{aRXJh(8>vhULD0dtNJvjszzTnR^o>cTv(h|~{zaKuQPs5uF2 z*JNc=%0|v4{9>4#Szk*ie29&&3vVDpry`oui zYVXygx=iNgh_0nyqX$g}IVKz=jauc|0%@iC)Q4a>Wp#Nn%~Rhqn1yjMMK$|cjwDUo zHaLQ_JpBP;D_?Cl_+|1)} zL~3n9h~U350+qKGlRK=3m^_i&&zwhq`Y*ZB^U?#|c%?cZerR3ZR;>8(eBcxP5@$SC zso3b&?7qZ3Q3(|Kx`Lh%T66_E-Hrcm+^eEx`vZSnpD*QFG7*hZU96rPF0`DU_LJL9 zvPR}&`Q6K@#D3*BXmIrRIrpP}NwwM_lmLk5t%(7xw&YRhmF6~I#>ZaG?4dVE|AeC=)PFUAg-RLAs*`*{d z$NWDAhh)eiVSZMTnK&X(Yo?fyN z!U!o%=Vo1O>kJven?Hezv2sfDmNhmN_Ijun9D&j~5a0m)63aaBkEVmqdB=emsvfrL z(NIU^$7#VqA} zIHcimsMY#sA+2seb7=}EzI&ro&4b~h&^ZPhFWkh;dV&!=u8-7X#+3(24%C^J8^%v4 z>WZRVzl}f(3G9D+HwIKOE%BW$nO3ZJX#j&#C)SBy1zd;iN0}Vz(ghJ-_OT6a!n;lk z+KnRHY#eIU0HJmrfTo7cByl6?!gTbM%n}!qvZKee)CgxPvDDW5OksFAkn{zfIwjua z>tIojM7@gWCfK674u4X$Bdbw2e$<4_Mv1w69+5dAN;A&uo?XMT|MA@a>>v`vLhbNE z;M8xDETEWgy9>5Tkk1#oNzpbbP9im;PJV`k8Lul3GH(tn&tw`AGro~J*kwJ^3d4`G z?K48B_+;4v&PGfmklP@5`jxZN(DWB`kR_G}HEbP!%r-+n)q^X2r`bRw<@EWV%!A!` ztZh<)R4~YB89vlEfk=g$9O>}Lm4$1!uF$`6kgn!U_x~Q`{x4m9-!xU9dI7ob*LT!) zLv~)XPNu4n&u7=Q8}!JN1dICrA0h)j4LCBpFFe-$?SL3y^tJW`=;jOaDeNvo<5fW?n56fIeHx79V5zL- zU4_~~Udt7efC}_U`i!do@OkGAuT)TP@3G<9=vqfTa4FPNehG}sahe*UHZ$9RVXaKI z9ge)8@#@WS2#6=6NDXcjPhsAxT!iATp^GrU#?AnjC_q&Fb6qP~wiVlDof)PpIgfY`(uLW}dJYr=)BDu$AD~O%p|{C;^5d zF4tOup8tzyp^?$jhp+fOHL)S{yXnFr!n9O&S%CsKJ$>1M;JDlWl?>z*DzLueP39fG zUx;zYY?x&b!U2XAEf!3GIOT=|Yhr+l!@z_*@%Gh_XLC!Qcq;L#T)xMuTrjf@zydG@ z1`S*aQ*(gu697YQfA^W}qjF#_mN;^gPQ))CB>{(bxVv<{mPn&N0CFM@8>A23qXs?8 z!I=HU(E2#eIa>#R+LA)tQ$bKo^l&P#XQ$0Z*oMWbT-;4ipOP4v&ntPH6k?5GtJ0wv z*THy>Jrdv;)>rWjEV?b`H;mXQ7IxR;8{*!L=sf~hFOlU%ZE=|aVtHX7Yh3eO?<1juf zDor4?JvrH(IjQF=hhipV^h(FBe)hrU2^BmU-|-W=yzntbDs-bji90>iuppAYPiU`G z9vDnbqN*>i#d1xLZ1d3z?qRI0-##9QmxG^(LPXzORqHm9Htld;&^ zpP#_YNFt;Oyd&VVg>56Da&{O@KTzx6t?PF2Q(Gyv`w-Swyi?yGrrX|PMJ~=fSx5I3tjCoNfr*qO$BI_?RcP9GQ5Iqt+mkG()O+VsII( zN+_J&*?xOJ$_%R`bwVT?-A-$`9Hb^MDm!oRBQPtFb_D!@&MMsa$#dXAB>~PZoO_P` z3e8R?1U@b5%X4Miwj#czi5hw#bRoD8!~^yb3Zbo``WT1vceY0#z{y|M^yr*MXiZ#N z0QZ+bxVIjGNB7)fBR`sP$Y$%IR*8GzdHkGW_`dyt7ScJ-dPRc$s#h8|iNkvwPlnmF zu%Sy+%Kt3%m{G4_`I~)&h`H&r$Og!DLd|swrChn@_m*EY2bKTr~~;y(a*?$x_n5gL%{rEP_`n@CdE`i~to zbGvrCAkPFzhL~hl3Z*J)^loN}<^~TkoYs`UB^�(B>T!$bps8ys_$93$nI$W&iz% zqr@Ua0qn4w+U_^dDTf5es{r0gVmwarRmaW7qDB~bwg|{f0cIx2O!SU)Wq~5ODJ`8{ z-@~$wkMtJhGjLFUmD-0X zLC$qk+#m`e|THHIMLHpR`j0N3J;>u#XT>1?n z`*a*2wa9CGd|de2&YfSIV-4EDoq=MnCDltJQ5MEK4f+<`i5!Xq!bVmzQZg2#k6?wk zwJWQ1h8YbLGodOV*_8fCMU8R4>Js_Pr76A{L=jR`2zT@`CdCvM?!e)ZmOl2e3e}(_ z@%|NZW8IaGV))a%huKOwq{6uZu*z4C#4Wt`w6+oM6dk;ChV#rW`A^G|8ftCJw2H|P zB{TeU?J21c!LgNxilOeB^xHyRx&TkKedkSup79j>8j#jd%76>Wp)qUGWp7Ebvxmd0 z-*QqD?OnFs_BxtivgDBAuoJD4Y{2gdOheVZ-Y5^zaA-N(vN~*xI&Hli=6-!30&2*Y zBy_DA(UkehcenHRm}iW=z3VxK26<;?e&FtpnNJ<8deWH7Dl6{^h^Z=0nKD*FIx*A__ds1>&~cc_z*)C{ z`F#EQ0=o3u1^wXDY%9McHamBW?p$K&DDir@>vr>qc^SBLO2h+ov#;NPx;&f;`$>2G z9OZe=mtT}BO!ze$7&lOl)}>1Wo?oeVY`Yr(F6or2b#9&pn0;r3ONS75yrK1f<1U@? zG6%YV9C$#;7T1t{nv2L+=V6ys^>2AK7k=f;E_z6HvUAPvl)@&;a)Er?2!B;KrS^hg z<&#L4oI1}Tjs{k@RD*_B_q-cWNe7MTt_NqIy)XZlnIwD!Yj-o>ln7Zb78{Gr07#91 z1$Zq;5l&`3;G6f^XUiH|pFhl%tUF?hbHxFE8o%AbD_zb|c&dk*;Uz4p(BBA>? zD-{q5xyB8HEnmH6^*pLkFWR6NymAsz?49`5;{IR7hf-F+YI z%OO}y!!O8&}{98s|B?2j_p>3EGsZzWnHFM6R*m~CG8bli`Jsd=^BjT=2mIOm7 zTTik9&eB<-l9NMc%m>w_zy00;cgrk!TnJ}xaz{45KUWm{lBtQWdHIGOcISdn@k{O^ zwq0o-I#mvycRYDiTIEz=Mp5z6@;$vvAqee-Q0<7=m#EU@OvtA-o<}A z81}l>EHOKeXTz&#%vdOXss+ea_O!Ia$)!vyQT4BaJ-{rH5}d_jZ>JhORd>ll)w~x_ zmy!M2(Dmu>>6+J)==IH7`;I#z-8cm zBdY>cHW#V3v_c5J1|_@8X%`CoDq!I;pDe%i0{?xC$i zbbpNsa%+HEB(q!=I^O17 z@4Puu2ve(M=WB58rm$lwU!G7IxP72*Uwp{)^;c<33)#S9ij%G<1N=W|@D>?yq9}|z z{pwV<|Y$yMGNZ;qI0}Mc3PWgnx5+^Tf2?;ppx*GO`WA%R=6NsXS)= zdoM%(8316`os0X!*i@8ZnyJ>T@S(W=kh(7kH-|h!@;}h{vpIYr&2BhnF~1=Su%fSL zntmBV)odWBxzE`cGe@pGHQ&06V}%+jWSLe*VD|h!^ELtrJK#4VC&y4JsPKi^4Gf#R>Tah6E}UT5ZMQFHcx?KBZkMk zQI*-#Tm~_{-GeeEYn=y~>99hJd$dN~eoclzVSEssw)&I-#NZRltSX2vC*>7UPhd1bbksDQ5E8h~VS6Bm1*&gqbTFNj>DSj7})C2q$i1%U@Z}+Tw*^sWjjP| z0kBVq{wAeF5(e#INCEb1=IPtv>fkpUkqK0WvBb5~peJOT$jj4c9|C%5a(RYhFPB2b zJxd{|c3Nsyf}73X51C-u$Zvm?HG6!UrF<>^)OBw4N|;)4ZXm^t>$zZ5O2^@@9PYnw zM;YxB&2<=+o_BaW^8|sMiHv&97(B-i!@VwSwPqkE;ueLmR3=%9{Fa{&T%fc zO$IAK2D$SBjCKEgzKbdv{I7tAerq-5ZM2ZAU1l)mg8myX;V4QIyKgvBJw5+fTBohq zHV?UO!zi)0+=i5L#2vKrIRhM^g0QYr0O`%PSgjoQDphQyl=IU7k1apZ$L7?_TX6OL z8R)A>T?mrvw2<`VGV|Rd>tC?4#^D1zSgWf1o+`&E>-;z%9Gc?_woN9oI;yoImr!=; zNCz4N9eUJ?fXab3xIdI~Y4X6`M)WSz!pX#5T)Y<4g%yrMx%#Q*rM0u4?7=pHRBCWsc~0c}zQg;}g*b-s=B-r$hS)GA;)mhBdxHY3Z{NsV8_78L@gcn^ zS*ID4dSn;85H?NF`8h;5s3hRKrDhjNtDV?vq8i4cOXa#qZ(p&s>dvbJoj7wFMg~O+ z`S8Mkl>e}G|KXhG30IjciXy>ytq`2-c6qQ4_o?04;h3MW{1;r{>4-bUqIg7YIu`ze zTs6W!?c6)qnvfN0s4j}oB+BT`d!_B_1D38H0B>-JA{YU0%@5;3>~pWU!gXt(AOQ-g zWj5#U2+CN)tJpW02ao?_sy{pa`?G9b&Bs@_*WI3sL80rfp{Y<-m)|8qnLS+7h+V!h zM3~%m-a9#!%1rUb#?C6lE7>xJ{QOjGBG4t-n0mdeRPXqSHgIFs1nOimQ#yoornn1`il!MlD$QSv!vy!>8T^Kx%+Y-nJ@I1d(~X&HNGSM6w$$M zJ|Uth66gP>pP3#qj@x2zp3>dqSS8eDmFUjACc8Am zf{5iP#*&yBPE&@(Kgia0zecHN-6g<#U1Qdx7caRe=GAK!*jiZ|82|tP diff --git a/pkg/secrets/sb/surface_sb.key.gpg b/pkg/secrets/sb/surface_sb.key.gpg deleted file mode 100644 index 672f4a538d028cf54c62b6d76acc9ffe1de03f69..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2596 zcmV+<3fuLJ4Fm}T0-D_}hv&-q((lsi0c`sCyEMakU6xuekEF+sx|?b>A+zYH@8OE##-T%OZGvPidOLqCns zoX`b22qp&WZT0a7+LbCxqi;QMh7WFU!eN-Gd=Zgm>5rsL_ z7hzNgSX#B%h+J$wZY4uTx~XJrsf+|ns+r_1|Ko{bzpNtW@C<%i!`fA!%_o4FpVhn* zC7W|{BOIdQs#bPEpyYYF-MHGeUX;0d_8 zMAe~DE-0)h?hgJS+`BOG$yk)75jClCl=A;M?KPAn5AxE|p7J6kktAo9al!I+Y+j1@qUxX; z0J1V2@NY%R6gK9h9c`c4-`}OXrWm~gC6UC$(3fN7dHF`!L?yJhZuYoSv7IFi{ARw8 z*W~`ZYn@+z>P2ss$7!zRs?e7tJv-y}*618Wi5iK1Q_mO$s8CW|>E{DDkZh-evAt{U zCYWQ1Mv2 zyILar>WE@0iVjCRwWow`TLTd443lFCkerL{=z@8O-?N>60I2U zx}g?|`);Y#Pc;Hh&|fv-PsV9Z`tCjqrq4Z$(1}=AJBpT3-mx~aSKDX3N-DNvMDCFr z)<1XcGUN3QwgbH4acIDi5>P=u&E07LXGukNZXeqfID`jvyd6dIb1geekt+ zR|x2v(3&BF%-K6dRo}$D?Lwbthw!(D!0xL4bIebcJqgd#gn^hV_mE_t1myJNgA*U%qm2mN!=M$W4!BpoL=;gAvtP$OoY!F_bv}TU zW@wxWYzGB?Gh_iri*&8H-Ar;N*$kU{>f0Ryg8ylV!-cp}*K1uFkZhu;wKIF&;&Vjp zgNYN=S;@2huLiF+2T~+M{hw;V(Um6$F@k_Q4j|->zNRP?5#(*kQfD)vcxGg|=6#)m zo6km`sa39wW~~aZ!LmT#cp-oLDcA;rgKld_Nyg_+oOe(UJ6+>LETqS!nMAT^%{mk% z2ZaX=&383IDzi9#{z$z;7`|m&^u^?|FHE_tXGrrN&lHlr*OQoVozef5AK2Sp??Z;8 zXxzpSAhyLRra84c2wz;Ft0Nlb(mV9SKESSq<^t?+4DNUt7ZwP%f>_eE6Uv@qkFvMI zzu^#iB)m|eej0jDf=2LpXQPa+e6c`>cEZUsAQ0jny$SAFhRnkq974^YUkL(j2|YovG?PHLqlb( zKz@Mw>Kw%Si=M5_bsR{;{g+QiT!;=Y_}OF2F_)xe0;jCZ;{-F=>r*G5INVeDG4lkk0A5h+$i&(1w5 z$gw41X&^yuqw% zM?*?oqHtTZh-AluHJoyGsLzOqP{6)co~oyGYIdICT8~3#9k&F^NWa?PWE+Qx*pjw zHI?)+q=X(;0k?TAsb1lE3GHU4Y^7 z6SrY^J~zxyKncESPZH#{cxZ}vK||*ZlZ0)q00%Fyql`8U#xy{SsUI!Wx@KkP#sFa` zWl%jt|B>+IrWdL;ou^@i!c>!Uam6!`&B@qtbTFi0@gOTd2Kcztn#D(xiEkuTPS)$ zKlZakYv#I^bkJdYj62IY^(3d*go?g&jLK}_!R#aY;HMFF28Pu(Jr%{)kog6CJ}}1Q+IeqP-vzRl3wNu?Uj63fvxcqX*@S5q__F)p7d{ zM@2$^1xjb9jBKMJNF^1zQLP1uS?Hf#++?ZkMBY|(34rU zdmRtq6fnAQ8ST>X^(XSr&sI~4T7VQ5ZZLlOB#_Sdh$@zyKdu@^x% G+F}7L#1B9K