Line 136: |
Line 136: |
| | | |
| ==== koji-sign-rpm ==== | | ==== koji-sign-rpm ==== |
− | | + | {{Note box| This plugin requires the expect python module}} |
| * Make sure that the koji-sign selinux policy is installed and enabled<syntaxhighlight lang="bash"> | | * Make sure that the koji-sign selinux policy is installed and enabled<syntaxhighlight lang="bash"> |
| semodule --list-modules=full | grep koji-sign | | semodule --list-modules=full | grep koji-sign |
Line 146: |
Line 146: |
| </syntaxhighlight> | | </syntaxhighlight> |
| * Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/ | | * Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/ |
| + | * Change ownership of the gnu-get folder and all contents to the apache user<syntaxhighlight lang="bash"> |
| + | chown -R apache:apache /etc/koji-hub/plugins/gnupg |
| + | </syntaxhighlight> |
| * Copy sign.conf into /etc/koji-hub/plugins/ | | * Copy sign.conf into /etc/koji-hub/plugins/ |
| + | * Change ownership of the sign.conf file to the apache user<syntaxhighlight lang="bash"> |
| + | chown apache:apache /etc/koji-hub/plugins/sign.conf |
| + | </syntaxhighlight> |
| * Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready | | * Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready |
| | | |
| ==== tag2distrepo ==== | | ==== tag2distrepo ==== |
− | | + | We have slightly modified the standard tag2distrepo plugin to add the missing signatures options |
| * Set the extra options on the tag so the plugin will generate the repository: where ONLY those rpms signed with that key will be included in the generated external repository<syntaxhighlight lang="bash"> | | * Set the extra options on the tag so the plugin will generate the repository: where ONLY those rpms signed with that key will be included in the generated external repository<syntaxhighlight lang="bash"> |
| koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11 | | koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11 |
| + | </syntaxhighlight>We have added some extra optional options, that you can also set, if required<syntaxhighlight lang="bash"> |
| + | koji edit-tag -x tag2distrepo.skip_missing_signatures=True -x tag2distrepo.allow_missing_signatures smecontribs11 |
| </syntaxhighlight>You can check by doing:<syntaxhighlight lang="bash"> | | </syntaxhighlight>You can check by doing:<syntaxhighlight lang="bash"> |
| koji taginfo smecontribs11 | | koji taginfo smecontribs11 |
Line 169: |
Line 177: |
| tag2distrepo.enabled : True | | tag2distrepo.enabled : True |
| Inheritance: | | Inheritance: |
| + | </syntaxhighlight>To remove any of the options<syntaxhighlight lang="bash"> |
| + | koji edit-tag -r tag2distrepo.skip_missing_signatures smecontribs11 |
| </syntaxhighlight> | | </syntaxhighlight> |
| | | |