RE: Koji and Signing RPMS
> To sign an rpm from koji, you should make a copy of the file, sign it
> with the appropriate rpm command, and import the signature. Fedora
> rel-eng has a script to help automate this. Note that you should not
> simply sign the file directly under /mnt/koji, as this causes an
> inconsistency between the filesystem and the database (hence the copy
> step).
>
> https://fedorahosted.org/rel-eng/browser/scripts/sign_unsigned.py

How do I use this sign_unsigned.py script?

--
Fedora-buildsys-list mailing list
Fedora-buildsys-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Koji and Signing RPMS
On Wed, 2009-08-19 at 12:02 -0400, Mike McLean wrote:
> On 08/19/2009 05:08 AM, Greg Trahair wrote:
> > I'm using Koji in combination with Mash to create rpms, but at the
> > moment I'm not signing them and I need to start that now. I'm finding
> > it quite hard to find any way that the koji/mash combination can do this
> > without me having to create my own mechanism.
>
> Koji does not have an internal signing mechanism. It tracks signatures
> and can store differently signed copies of the same rpm efficiently, but
> it does not create signatures.
>
> If you import a signed rpm, koji will import the signature. You can
> import signatures for an rpm later by using the import-sig subcommand.
>
> The basic tool for signing rpms is rpm itself.
> http://docs.fedoraproject.org/drafts/rpm-guide-en/ch11s04.html
>
> To sign an rpm from koji, you should make a copy of the file, sign it
> with the appropriate rpm command, and import the signature. Fedora
> rel-eng has a script to help automate this. Note that you should not
> simply sign the file directly under /mnt/koji, as this causes an
> inconsistency between the filesystem and the database (hence the copy step).
>
> https://fedorahosted.org/rel-eng/browser/scripts/sign_unsigned.py

A recent project was started to create a secure signing server for doing
these types of operations: https://fedorahosted.org/sigul/

https://fedorahosted.org/rel-eng/browser/scripts/sigulsign_unsigned.py has
been written to use the sigul setup.

--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
Re: Koji and Signing RPMS
On 08/19/2009 05:08 AM, Greg Trahair wrote:
> I'm using Koji in combination with Mash to create rpms, but at the
> moment I'm not signing them and I need to start that now. I'm finding
> it quite hard to find any way that the koji/mash combination can do this
> without me having to create my own mechanism.

Koji does not have an internal signing mechanism. It tracks signatures
and can store differently signed copies of the same rpm efficiently, but
it does not create signatures.

If you import a signed rpm, koji will import the signature. You can
import signatures for an rpm later by using the import-sig subcommand.

The basic tool for signing rpms is rpm itself.
http://docs.fedoraproject.org/drafts/rpm-guide-en/ch11s04.html

To sign an rpm from koji, you should make a copy of the file, sign it
with the appropriate rpm command, and import the signature. Fedora
rel-eng has a script to help automate this. Note that you should not
simply sign the file directly under /mnt/koji, as this causes an
inconsistency between the filesystem and the database (hence the copy step).

https://fedorahosted.org/rel-eng/browser/scripts/sign_unsigned.py
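The copy, sign and import-sig steps described in the message above, as an added shell example that is not part of the thread and is not rel-eng's sign_unsigned.py. The function name, the GPG_NAME placeholder and the KOJI_TOPDIR default are assumptions; the commands used are rpm --addsign, rpm --checksig and koji import-sig.

```shell
#!/bin/bash
# Added example, not from the thread or from rel-eng's sign_unsigned.py.
# KOJI_TOPDIR default, GPG_NAME placeholder and function name are assumptions.
KOJI_TOPDIR="${KOJI_TOPDIR:-/mnt/koji}"
GPG_NAME="${GPG_NAME:-PLACEHOLDER-KEY-NAME}"

# sign_copy_and_import SRC_RPM WORKDIR
# Signs a copy of SRC_RPM in WORKDIR and imports its signature into koji.
# The file under KOJI_TOPDIR is never modified. Prints the signed copy's path.
sign_copy_and_import() {
    local src="$1" workdir="$2" top work copy
    [ -f "$src" ] || { echo "no such rpm: $src" >&2; return 2; }
    [ -d "$workdir" ] || { echo "work dir must exist: $workdir" >&2; return 2; }

    # Resolve symlinks so a work dir that points back into the koji tree
    # is caught as well.
    top="$(cd "$KOJI_TOPDIR" 2>/dev/null && pwd -P)" || top="$KOJI_TOPDIR"
    work="$(cd "$workdir" && pwd -P)" || return 2
    case "$work/" in
        "$top"/*)
            echo "refusing to sign inside $top: use a work dir outside it" >&2
            return 3 ;;
    esac

    copy="$work/$(basename "$src")"
    cp -p -- "$src" "$copy" || return 4

    # Sign the copy only; rpm asks for the key's passphrase here.
    rpm --define "_gpg_name $GPG_NAME" --addsign "$copy" >&2 || return 5

    # Check digests and signature before koji sees the file. The public key
    # must already be imported into the rpm database for this to pass.
    rpm --checksig "$copy" >&2 || return 6

    # Record the signature carried by the signed copy in the koji database.
    koji import-sig "$copy" >&2 || return 7
    echo "$copy"
}
```

Call it once per rpm, for example `sign_copy_and_import /mnt/koji/packages/.../foo.rpm /var/tmp/signing`, with the work directory on a filesystem outside the koji tree.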
Koji and Signing RPMS
Hi All,

I'm using Koji in combination with Mash to create rpms, but at the
moment I'm not signing them and I need to start that now. I'm finding
it quite hard to find any way that the koji/mash combination can do this
without me having to create my own mechanism.

Is there anyone that can provide a procedure on how this can be achieved?

[...@kojihub] ~ $ rpm -q koji mash
koji-1.3.1-1.el5.1
mash-0.2.10-3.el5

Thanks in advance,
Greg Trahair