Private/public key pairs and keyrings are generated by GPG toolset. The plugin is signed with the private key and the public key needs to be added to the user's keyring. The signing is an armored detached signature in the form of a .asc file.
Default SWISnap installation comes with all binaries singed and also public keyring to verify binaries. If you don't use custom plugins, there is no need to generate additional GPG signatures.
Those instructions are for Linux systems, although might be run on Windows as well.
- Install GnuPG (https://gnupg.org/download/index.html)
%echo Generating a default key
Name-Real: John Doe
Name-Comment: Plugin signing key
Generate the key using batch modeCopy
gpg --batch --gen-key gpg-batch
gpg --no-default-keyring --secret-keyring ./swisnap.secring --keyring ./swisnap.pubring --list-keys
In the following output:Copy
pub rsa4096 2020-05-19 [SCEA]
uid [ unknown] John Doe (Plugin signing key) <firstname.lastname@example.org>
sub rsa4096 2020-05-19 [SEA]
Make the key ultimately trusted (use remembered key). Answer with: 5, y and enter quitCopy
gpg --no-default-keyring --secret-keyring ./swisnap.secring --keyring ./swisnap.pubring --edit-key 789522F00692E4789E8908090242D094292BE4A2 trustCopy
Your decision? `5`
Do you really want to set this key to ultimate trust? (y/N) `y`
created: 2020-05-19 expires: never usage: SCEA
trust: ultimate validity: unknown
created: 2020-05-19 expires: never usage: SEA
[ unknown] (1). John Doe (Plugin signing key) <email@example.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
Export public key from keyringCopy
gpg --no-default-keyring --armor --secret-keyring ./swisnap.secring --keyring ./swisnap.pubring --export firstname.lastname@example.org > pubkeys.gpg
Sign binary (ie. snap-plugin-collector-example) providing passphrase (from gpg-batch: swisnap)Copy
gpg --no-default-keyring --armor --secret-keyring ./swisnap.secring --keyring ./swisnap.pubring --output snap-plugin-collector-example.asc --detach-sig snap-plugin-collector-example
(optional) Verify signature using keyringCopy
gpg --no-default-keyring --secret-keyring ./swisnap.secring --keyring ./swisnap.pubring --verify snap-plugin-collector-example.asc snap-plugin-collector-example
Copy the ".asc" and binary files into SWIsnap bin folder and append "pubkeys.gpg" file into
keyring_paths: "C:/Program Files/SolarWinds/Snap/.gnupg/swisnap.gpg;C:/Users/MyUser/pubkeys.gpg"
- Restart swisnapd
- Verify with
swisnap plugin listthat your plugin is signed and running.
When the APM Integrated Experience is enabled, AppOptics shares a common navigation and enhanced feature set with the other integrated experiences' products. How you navigate AppOptics and access its features may vary from these instructions. For more information, go to the APM Integrated Experience documentation.
The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.