On 12/14/2010 11:23 PM, Jesse Keating wrote:
On 12/14/10 7:57 PM, Allen Hewes wrote:
> B) how do you get the signed RPMs on disk (the filesystem) back into
> Koji? I think this is the process I have come across in previous
> posts from Jesse/Mike. I don't understand what sigul is could be the
> issue...
Sigul is calling koji import-sig in order to import the signed header
from the signed rpm. Koji can keep any number of signed headers for a
package. You can then ask koji to write out a version of rpms with
signed headers. This is actually done through the API, there is no
command line option for it. (koji list-api to get a list of all the
possible API calls)

You can use koji write-signed-rpm to get it to write out a copy signed
with a previously imported signature. The API works too though.
>
> C) does step 3 mean that you have taken twice as much space on disk
> because now you have two versions (one signed and one unsigned) of
> the same NVR build?
If you keep the signed one around yes. You don't have to sign every
build, or you don't have to keep the signed version around after you
publish them somewhere.
> D) if I go to Fedora's Koji, I don't see two NVR RPMs per package. I
> think I am missing something here w.r.t getting signed RPMs back into
> Koji.
http://kojipkgs.fedoraproject.org/packages/pungi/2.1.4/1.fc14/data/signed...
You'll see signed rpms there. The signature content gets put into the
<package>/<version>/<release>/data/ directory structure.