Looking for koji hub policy advice
Anthony Messina
amessina at messinet.com
Fri Jul 18 18:30:28 UTC 2014
On Friday, July 18, 2014 08:48:19 AM Pat Riehecky wrote:
> I'm looking to fix up our Secure Boot infrastructure for Scientific Linux.
>
> I noticed the fedora koji has the kernel building against a specific
> channel. I assume so it can be directed to hosts with the necessary tokens.
>
> Alas, I've not found the necessary hints at
> https://fedoraproject.org/wiki/Koji/Policies for how I'd write such a
> policy.
>
> I'd also rather not remove the default policy[1] in the process.
>
> May I request some help?
Hi Pat. I had something similar a while back to build kmods for Fedora
(specifically DAHDI-Linux).
My hub policy looks like this, though I'm not sure it's the best way to go
(also seeking advice), but it has worked since Fedora 18.
[policy]
channel =
has req_channel :: req
is_child_task :: parent
method build && source *-kmod* :: use secure-boot
all :: use default
Then I place certain builders in the secure-boot channel. I have some general
info for consumers at
https://messinet.com/rpms/#UEFISecureBootKernelModuleSigningKeys
And you can look at the spec file changes that needed to be done here:
https://messinet.com/rpms/browser/dahdi-linux-kmod/dahdi-linux-kmod.spec
And information on how I started to do this here:
https://messinet.com/post/rpm/2013/02/08/fedora-18-uefi-secure-boot-kernel-module-signing/
--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.fedoraproject.org/pipermail/buildsys/attachments/20140718/77ca7d92/attachment.sig>
More information about the buildsys
mailing list