381
edits
Changes
From SME Server
Jump to navigationJump to search→koji-sign-rpm: expand instructions
==== koji-sign-rpm ====
==== koji-sign-rpm ====
{{Note box| This plugin requires the expect python module}}
* Make sure that the koji-sign selinux policy is installed and enabled<syntaxhighlight lang="bash">
* Make sure that the koji-sign selinux policy is installed and enabled<syntaxhighlight lang="bash">
semodule --list-modules=full | grep koji-sign
semodule --list-modules=full | grep koji-sign
</syntaxhighlight>
</syntaxhighlight>
* Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/
* Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/
* Change ownership of the gnu-get folder and all contents to the apache user<syntaxhighlight lang="bash">
chown -R apache:apache /etc/koji-hub/plugins/gnupg
</syntaxhighlight>
* Copy sign.conf into /etc/koji-hub/plugins/
* Copy sign.conf into /etc/koji-hub/plugins/
* Change ownership of the sign.conf file to the apache user<syntaxhighlight lang="bash">
chown apache:apache /etc/koji-hub/plugins/sign.conf
</syntaxhighlight>
* Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready
* Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready
==== tag2distrepo ====
==== tag2distrepo ====
We have slightly modified the standard tag2distrepo plugin to add the missing signatures options
* Set the extra options on the tag so the plugin will generate the repository: where ONLY those rpms signed with that key will be included in the generated external repository<syntaxhighlight lang="bash">
* Set the extra options on the tag so the plugin will generate the repository: where ONLY those rpms signed with that key will be included in the generated external repository<syntaxhighlight lang="bash">
koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11
koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11
</syntaxhighlight>We have added some extra optional options, that you can also set, if required<syntaxhighlight lang="bash">
koji edit-tag -x tag2distrepo.skip_missing_signatures=True -x tag2distrepo.allow_missing_signatures smecontribs11
</syntaxhighlight>You can check by doing:<syntaxhighlight lang="bash">
</syntaxhighlight>You can check by doing:<syntaxhighlight lang="bash">
koji taginfo smecontribs11
koji taginfo smecontribs11
tag2distrepo.enabled : True
tag2distrepo.enabled : True
Inheritance:
Inheritance:
</syntaxhighlight>To remove any of the options<syntaxhighlight lang="bash">
koji edit-tag -r tag2distrepo.skip_missing_signatures smecontribs11
</syntaxhighlight>
</syntaxhighlight>
