On 08/19/2009 05:08 AM, Greg Trahair wrote:
I'm using Koji in combination with Mash to create rpms, but at the
moment I'm not signing them and I need to start that now. I'm finding
it quite hard to find any way that the koji/mash combination can do this
without me having to create my own mechanism.
Koji does not have an internal signing mechanism. It tracks signatures
and can store differently signed copies of the same rpm efficiently, but
it does not create signatures.
If you import a signed rpm, koji will import the signature. You can
import signatures for an rpm later by using the import-sig subcommand.
The basic tool for signing rpms is rpm itself.
http://docs.fedoraproject.org/drafts/rpm-guide-en/ch11s04.html
To sign an rpm from koji, you should make a copy of the file, sign it
with the appropriate rpm command, and import the signature. Fedora
rel-eng has a script to help automate this. Note that you should not
simply sign the file directly under /mnt/koji, as this causes an
inconsistency between the filesystem and the database (hence the copy step).
https://fedorahosted.org/rel-eng/browser/scripts/sign_unsigned.py
--
Fedora-buildsys-list mailing list
Fedora-buildsys-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
