On 12/14/2010 01:50 PM, Josh Boyer wrote:
On Tue, Dec 14, 2010 at 2:49 AM, Oliver
> Hi Allen!
> I'm not sure how the Fedora guys do it... There's a lot of black
> (scripting) magic involved I guess. :-)
> And yes, the script is already using the the larger key size, but that's
> not hard to "fix"...
> Come on guys, show us your dirty little tricks! :-P
There are no dirty tricks. It essentially goes:
1) RPMs built in koji
2) sign_unsigned.py is run against various koji tags. Either
dist-f1x-candidates or dist-f1x-updates-testing, or whichever need to
be signed. NOTE: rawhide is not signed
3) mash is run against the tag after the RPMs have all been signed.
4) Bodhi does some symlink switching after all the mashes have
completed successfully and the new repos are pushed to the mirrors.
That's it. No tricks, nothing super efficient.
At some point, there was discussion on having koji do the signing
automatically after a build completes. I think that is still a long
term plan, but it requires a project to use a single key for all
Sorry Josh. This wasn't meant as offence! I just never saw any
documentation about this part - maybe I just didn't look hard enough. :-)