Changes

Jump to navigation Jump to search
→‎koji-sign-rpm: expand instructions
Line 136: Line 136:     
==== koji-sign-rpm ====
 
==== koji-sign-rpm ====
 
+
{{Note box| This plugin requires the expect python module}}
 
* Make sure that the koji-sign selinux policy is installed and enabled<syntaxhighlight lang="bash">
 
* Make sure that the koji-sign selinux policy is installed and enabled<syntaxhighlight lang="bash">
 
semodule --list-modules=full | grep koji-sign
 
semodule --list-modules=full | grep koji-sign
Line 146: Line 146:  
</syntaxhighlight>
 
</syntaxhighlight>
 
* Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/
 
* Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/
 +
* Change ownership of the gnu-get folder and all contents to the apache user<syntaxhighlight lang="bash">
 +
chown -R apache:apache /etc/koji-hub/plugins/gnupg
 +
</syntaxhighlight>
 
* Copy sign.conf into /etc/koji-hub/plugins/
 
* Copy sign.conf into /etc/koji-hub/plugins/
 +
* Change ownership of the sign.conf file to the apache user<syntaxhighlight lang="bash">
 +
chown apache:apache /etc/koji-hub/plugins/sign.conf
 +
</syntaxhighlight>
 
* Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready
 
* Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready
    
==== tag2distrepo ====
 
==== tag2distrepo ====
 
+
We have slightly modified the standard tag2distrepo plugin to add the missing signatures options
 
* Set the extra options on the tag so the plugin will generate the repository:  where ONLY those rpms signed with that key will be included in the generated external repository<syntaxhighlight lang="bash">
 
* Set the extra options on the tag so the plugin will generate the repository:  where ONLY those rpms signed with that key will be included in the generated external repository<syntaxhighlight lang="bash">
 
koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11
 
koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11
 +
</syntaxhighlight>We have added some extra optional options, that you can also set, if required<syntaxhighlight lang="bash">
 +
koji edit-tag -x tag2distrepo.skip_missing_signatures=True -x tag2distrepo.allow_missing_signatures smecontribs11
 
</syntaxhighlight>You can check by doing:<syntaxhighlight lang="bash">
 
</syntaxhighlight>You can check by doing:<syntaxhighlight lang="bash">
 
koji taginfo smecontribs11
 
koji taginfo smecontribs11
Line 169: Line 177:  
   tag2distrepo.enabled : True
 
   tag2distrepo.enabled : True
 
Inheritance:
 
Inheritance:
 +
</syntaxhighlight>To remove any of the options<syntaxhighlight lang="bash">
 +
koji edit-tag -r tag2distrepo.skip_missing_signatures smecontribs11
 
</syntaxhighlight>
 
</syntaxhighlight>
  
381

edits

Navigation menu