Hi Allen! I'm not sure how the Fedora guys do it... There's a lot of black (scripting) magic involved I guess. :-)
And yes, the script is already using the the larger key size, but that's not hard to "fix"... Come on guys, show us your dirty little tricks! :-P Best, Oliver Am 14.12.2010 06:54, schrieb Allen Hewes: > >> >> Hi Allen! >> >> You might want to look at the following post: >> >> http://www.mail-archive.com/[email protected]/ms > g02187.html >> >> -of > > Hi Oliver, > > Thanks for link. I had not come across this thread. > > It would appear that currently there isn't any method to sign RPMs within > koji or mash. You can import prebuilt RPMs with signatures into Koji. I don't > know much about importing RPMs into koji because I haven't had a need. > > Do the Fedora guys use the sign_unsigned.py script for the official Fedora > yum repos? If so, how do they use mash? Because it looks to me that if you > use this script, it does one of the steps mash does; fetching RPMs out of > koji tags. > > I would have guessed that the Fedora guys generate their yum repos via mash > from koji tags and then sign RPMs. > > I'd have to modify this script to suit my needs, but I think I could do it. > It also looks like it relies on a newer version of RPM, the rpm command for > key size == 4096 is one spot I noticed. > > Also, I have to enter a passphrase when I sign my RPMs but this script > doesn't have any provisions for that. Is there a way to make rpm --resign not > prompt for a passphrase? > > Has there been any talk about adding RPM signing to mash? It seems like > that'd be a good place for it. > > Thanks, > > /allen > -- > buildsys mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/buildsys -- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
