FYI - this is my schedule of work needed to sign packages in Copr:

Hardware:
=========
The next visit to PHX is planned for June/July. The one after that is in January 2015.

The ideal (and most paranoid) setup would require one physical machine for the signing server, one for copr-backend, and one wire between them, with no remote access to the signing server.

But we do not have the HW for this.

What we can have is the signing machine in a VM with a restrictive SW-defined network. If that VM can be the only VM on the host, that would be great.

Setting up the VM and networking and creating the ansible manifest can take up to one week.


Software:
=========
I would go the obs-sign way.
It would require getting one patch into GPG2. The patch was made by SUSE, but does not live upstream.
TMraz (RH packager) has preliminarily approved this patch, but has a few comments which would need to be addressed (name of cmd option, no man page...). Then I will try to get it upstream, but there is a risk of rejection. But TMraz is willing to accept it as a patch in the Fedora and RH package. This is the backup plan. (1.5 weeks to work on the patch, 1 w for communication with upstream or tmraz)
JStribrny promised to re-package obs-sign. (0.5w)
We should enhance the documentation of obs-sign and likely write a HOWTO for deployment. (0.75w)
We need to deploy and configure obs-sign on the VM. (0.75w)
Mutatis mutandis of Copr (1w).
Sum it up (5.5 weeks)

Total = 6.5 weeks


--
Miroslav Suchy, RHCE, RHCDS
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys
_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure