On Tue, Dec 14, 2010 at 8:20 AM, Christos Triantafyllidis <[email protected]> wrote:
> Hi Josh, all,
>
> I'm reading this thread and I think that I've missed some point. What is the
> purpose of signing an RPM if you sign it on an online machine? I haven't seen
> the sign_unsigned.py source yet but I guess what should be there is a
> mechanism that should download the unsigned RPMs, then a manual operation of
> RPM sign (possibly on an offline or at least access restricted node), and
> then another script to import the signed RPMs (or just the signatures).

sign_unsigned.py uses sigul under the covers to do the actual RPM signing.

> Am I seeing this from a wrong perspective? Does Fedora really sign the RPMs
> online? I guess this gets even worse if the sign operation is done more
> efficiently, automatically after each koji build.

No, currently the signing is done on a secure node. There is a sigul bridge that interfaces with sigul client requests and a secure node in the datacenter that can only talk to that bridge. It is not accessible via http, ssh, etc.

The server signs the RPMs using the keys. Additionally, the server also generates those keys and stores them locally. Authenticated users can request it sign an RPM with a particular key, but those users don't actually have access to that key at all. The gpg key never leaves the sigul server.

This is much better than what was previously done, as that required sending the key(s) to trusted individuals on multiple machines.

josh
-- 
buildsys mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/buildsys
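The separation Josh describes, with key generation and signing confined to a server that only the bridge can reach, and clients authenticating to the bridge and getting back nothing but a signature, can be modelled in a few dozen lines. The following Go program is an added example written for this page; it is not sigul's code and did not come from the buildsys thread. The type names, the token-based client authentication, the per-user key grants, the use of ed25519 instead of GPG, and the payload bytes are all assumptions made for illustration. The point it demonstrates is structural: the `SigningServer` type has no operation that returns a private key, so a caller that can only reach `Bridge.Request` cannot obtain key material, only signatures over payloads it is authorised to sign.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SigningServer models the secure signing node. It generates and holds the
// private keys and only ever hands out signatures and public keys; there is
// deliberately no method that exports a private key.
type SigningServer struct {
	keys   map[string]ed25519.PrivateKey   // key name -> private key (never leaves here)
	grants map[string]map[string]struct{}  // user -> set of key names the user may request
}

// NewSigningServer returns an empty server with no keys and no grants.
func NewSigningServer() *SigningServer {
	return &SigningServer{
		keys:   make(map[string]ed25519.PrivateKey),
		grants: make(map[string]map[string]struct{}),
	}
}

// GenerateKey creates a new signing key on the server under the given name.
func (s *SigningServer) GenerateKey(name string) error {
	if _, exists := s.keys[name]; exists {
		return fmt.Errorf("key %q already exists", name)
	}
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	s.keys[name] = priv
	return nil
}

// Grant allows user to request signatures with keyName (an access-control
// assumption for this example; sigul's real policy model is not shown here).
func (s *SigningServer) Grant(user, keyName string) {
	if s.grants[user] == nil {
		s.grants[user] = make(map[string]struct{})
	}
	s.grants[user][keyName] = struct{}{}
}

// Sign is the only signing operation: an already-authenticated user names a
// key and supplies the payload; the server returns a detached signature.
func (s *SigningServer) Sign(user, keyName string, payload []byte) ([]byte, error) {
	if _, ok := s.grants[user][keyName]; !ok {
		return nil, fmt.Errorf("user %q is not allowed to sign with key %q", user, keyName)
	}
	priv, ok := s.keys[keyName]
	if !ok {
		return nil, fmt.Errorf("unknown key %q", keyName)
	}
	return ed25519.Sign(priv, payload), nil
}

// PublicKey exposes the verification half of a key; this is safe to publish.
func (s *SigningServer) PublicKey(keyName string) (ed25519.PublicKey, error) {
	priv, ok := s.keys[keyName]
	if !ok {
		return nil, fmt.Errorf("unknown key %q", keyName)
	}
	return priv.Public().(ed25519.PublicKey), nil
}

// Bridge models the sigul bridge: the only component that talks to the
// server. It authenticates clients (here with a constructed bearer token)
// and forwards sign requests, so clients never touch the server directly.
type Bridge struct {
	server *SigningServer
	tokens map[string]string // token -> user name (assumed auth scheme)
}

// NewBridge wires a bridge to the server it is allowed to reach.
func NewBridge(server *SigningServer) *Bridge {
	return &Bridge{server: server, tokens: make(map[string]string)}
}

// Register associates a client token with a user name.
func (b *Bridge) Register(token, user string) { b.tokens[token] = user }

// Request authenticates the token and forwards the signing request.
func (b *Bridge) Request(token, keyName string, payload []byte) ([]byte, error) {
	user, ok := b.tokens[token]
	if !ok {
		return nil, errors.New("authentication failed")
	}
	return b.server.Sign(user, keyName, payload)
}

// Verify checks a detached signature against the published public key.
func Verify(pub ed25519.PublicKey, payload, sig []byte) bool {
	return ed25519.Verify(pub, payload, sig)
}

func main() {
	srv := NewSigningServer()
	if err := srv.GenerateKey("example-release-key"); err != nil {
		panic(err)
	}
	srv.Grant("josh", "example-release-key")
	br := NewBridge(srv)
	br.Register("token-for-josh", "josh")

	payload := []byte("constructed stand-in for an RPM header") // not a real RPM
	sig, err := br.Request("token-for-josh", "example-release-key", payload)
	if err != nil {
		panic(err)
	}
	pub, _ := srv.PublicKey("example-release-key")
	fmt.Println("signature verifies:", Verify(pub, payload, sig))
}
```

The property worth checking when reviewing a design like this is the one the server type enforces by omission: `Bridge.Request` and `SigningServer.Sign` return signatures, and `SigningServer.PublicKey` returns only the public half, so compromising a client token yields at most signatures over the keys that user was granted, never the key itself.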
