On 01/16/15 20:19, Dennis Gilmore wrote:
Actually, it looks like when the rpms are signed from the start, then the repos get made with the signed rpms -- at least that's what the behavior appears to be in koji 1.6.0. I just need to know what metadata to delete so that I don't get "Package does not match intended download" errors when I try to use those RPMs.-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1On Fri, 16 Jan 2015 13:25:45 -0600 Mátyás Selmeci <[email protected]> wrote:On 01/16/15 11:53, Dennis Gilmore wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 16 Jan 2015 10:44:40 -0600 Mátyás Selmeci <[email protected]> wrote:On 01/16/15 01:39, Miroslav Suchý wrote:On 01/16/2015 03:30 AM, Mátyás Selmeci wrote:I have imported several rpms into our koji without realizing that they were unsigned. I'd like to sign them with our gpg key, but I can't figure out how to do that after the fact. We use the signing plugin from https://fedorahosted.org/koji/ticket/203, but that only works for rpms we build ourselves.You might find usefull: https://fedorahosted.org/katello/wiki/ReleasingKatello#Signpackages This describe how to sign packages in Katello private Koji instance. tl;dr version Just sign those packages and: koji -c ~/.koji/your-config import-sig *.rpm And they will appear as signed on koji.I tried that, then I did koji write-signed-rpm, and now I have both signed and unsigned RPMs in my packages directory. Then I did a koji regen-repo and tried to do an install from the newly created repo, but it's the unsigned package that got picked up. Is there any way around that? -Matyou have to use mash to make a repo with the signed rpms DennisIs there no way for me to delete the old rpms and reimport them? -Matkoji always keeps the unsigned rpms and the signature headers. you can clean up the the signed rpms but not teh unsigned ones. koji always makes its repos with unsigned rpms. deleting and reimporting will get you to exactly the same place as you are now. Dennis
-Mat
smime.p7s
Description: S/MIME Cryptographic Signature
-- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
