On Tue, Dec 14, 2010 at 7:58 AM, Oliver Falk <oliver(a)linux-kernel.at> wrote:
> There are no dirty tricks. It essentially goes:
>
> 1) RPMs built in koji
> 2) sign_unsigned.py is run against various koji tags. Either
> dist-f1x-candidates or dist-f1x-updates-testing, or whichever need to
> be signed. NOTE: rawhide is not signed
> 3) mash is run against the tag after the RPMs have all been signed.
> 4) Bodhi does some symlink switching after all the mashes have
> completed successfully and the new repos are pushed to the mirrors.
>
> That's it. No tricks, nothing super efficient.
>
> At some point, there was discussion on having koji do the signing
> automatically after a build completes. I think that is still a long
> term plan, but it requires a project to use a single key for all
> packages.
Sorry Josh. This wasn't meant as offence! I just never saw any
documentation about this part - maybe I just didn't look hard enough. :-)
Oh, I wasn't offended in the slightest. If anything I was wishing we
had dirty tricks, because how it is done right now is fairly
inefficient.
And yes, there should be more documentation in this area under the
RelEng SOPs. I'll take the blame for that, as I never got around to
writing it.
josh