Hey, our internal Yum repository is finally GPG signed. Having a package installed on any of the RHEL machines we manage (except for combobox, still on RHEL 5, which does not support V4 signatures) now requires you to sign the package before installing it in the relevant directory under /home/admin/pkgs. I cooked up a script that will make the whole process easier on this side. [1]

The signing key is currently hosted on puppet-back, which has a rw NFS mount on /home/admin from combobox. Note this is an exception, as other machines mount /home/admin as read only for security purposes. The private key is therefore hosted on a different machine than the mount point itself and it's currently available to all users having root on that machine.

A SOP has also been created [2] with a set of common operations you can perform with the script.

That's all for now!

[1] https://git.gnome.org/browse/sysadmin-bin/tree/rpm-signer.py
[2] https://wiki.gnome.org/Sysadmin/SOP/RPMInternalSignatures

--
Cheers,

Andrea

Debian Developer, Fedora / EPEL packager,
GNOME Infrastructure Team Coordinator,
GNOME Foundation Board of Directors Secretary,
GNOME Foundation Membership & Elections Committee Chairman

Homepage: http://www.gnome.org/~av

_______________________________________________
gnome-infrastructure mailing list
https://mail.gnome.org/mailman/listinfo/gnome-infrastructure
