On Tue, Dec 14, 2010 at 2:49 AM, Oliver Falk <[email protected]> wrote: > Hi Allen! > > I'm not sure how the Fedora guys do it... There's a lot of black > (scripting) magic involved I guess. :-) > > And yes, the script is already using the the larger key size, but that's > not hard to "fix"... > > Come on guys, show us your dirty little tricks! :-P
There are no dirty tricks. It essentially goes: 1) RPMs built in koji 2) sign_unsigned.py is run against various koji tags. Either dist-f1x-candidates or dist-f1x-updates-testing, or whichever need to be signed. NOTE: rawhide is not signed 3) mash is run against the tag after the RPMs have all been signed. 4) Bodhi does some symlink switching after all the mashes have completed successfully and the new repos are pushed to the mirrors. That's it. No tricks, nothing super efficient. At some point, there was discussion on having koji do the signing automatically after a build completes. I think that is still a long term plan, but it requires a project to use a single key for all packages. josh -- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
