On 12/14/2010 11:23 PM, Jesse Keating wrote: > On 12/14/10 7:57 PM, Allen Hewes wrote: >> B) how do you get the signed RPMs on disk (the filesystem) back into >> Koji? I think this is the process I have come across in previous >> posts from Jesse/Mike. I don't understand what sigul is could be the >> issue... > > Sigul is calling koji import-sig in order to import the signed header > from the signed rpm. Koji can keep any number of signed headers for a > package. You can then ask koji to write out a version of rpms with > signed headers. This is actually done through the API, there is no > command line option for it. (koji list-api to get a list of all the > possible API calls)
You can use koji write-signed-rpm to get it to write out a copy signed with a previously imported signature. The API works too though. >> >> C) does step 3 mean that you have taken twice as much space on disk >> because know you have two versions (one signed and one unsigned) of >> the same NVR build? > > If you keep the signed one around yes. You don't have to sign every > build, or you don't have to keep the signed version around after you > publish them somewhere. > >> D) if I go to Fedora's Koji, I don't see two NVR RPMs per package. I >> think I am missing something here w.r.t getting signed RPMs back into >> Koji. > > http://kojipkgs.fedoraproject.org/packages/pungi/2.1.4/1.fc14/data/signed/97a1071f/noarch/ > > You'll see signed rpms there. The signature content gets put into the > <package>/<version>/<release>/data/ directory structure. > -- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
