Re: Signing built RPMs or how to create signed RPMs.
On 12/14/10 7:57 PM, Allen Hewes wrote:
B) how do you get the signed RPMs on disk (the filesystem) back into
Koji? I think this is the process I have come across in previous
posts from Jesse/Mike. I don't understand what sigul is could be the
issue...
Sigul is calling koji import-sig in order to import the signed header
from the signed rpm. Koji can keep any number of signed headers for a
package. You can then ask koji to write out a version of rpms with
signed headers. This is actually done through the API, there is no
command line option for it. (koji list-api to get a list of all the
possible API calls)
C) does step 3 mean that you have taken twice as much space on disk
because know you have two versions (one signed and one unsigned) of
the same NVR build?
If you keep the signed one around yes. You don't have to sign every
build, or you don't have to keep the signed version around after you
publish them somewhere.
D) if I go to Fedora's Koji, I don't see two NVR RPMs per
package. I
think I am missing something here w.r.t getting signed RPMs back into
Koji.
http://kojipkgs.fedoraproject.org/packages/pungi/2.1.4/1.fc14/data/signed...
You'll see signed rpms there. The signature content gets put into the
<package>/<version>/<release>/data/ directory structure.
--
Jesse Keating
Fedora -- FreedomĀ² is a feature!
identi.ca: http://identi.ca/jkeating