Anapaya Software Releases¶
To verify that the Anapaya software has not been tampered with from the time it is released until the operator installs it on a device, we cryptographically sign our software releases.
Below, we provide the public keys that can be used to verify the signatures and the signatures themselves.
Please refer to the Anapaya documentation for detailed instructions on how to install and update Anapaya software.
All signing keys and signatures in a single tarball¶
Signing keys¶
The JSON file below lists all the valid public keys and metadata (e.g. fingerprint and creation time) corresponding to the private keys that Anapaya uses to sign release versions.
Signatures¶
The JSON files below list the signatures for each release version. The signatures are for the
anapaya-scion
and anapaya-system
packages. Each JSON file contains the name and checksum
of the package, as well as a list of package signatures along with the signature creation time
and the public key that can be used to verify the package.