I'm not sure how the Fedora guys do it... There's a lot of black
(scripting) magic involved I guess. :-)
And yes, the script is already using the the larger key size, but that's
not hard to "fix"...
Come on guys, show us your dirty little tricks! :-P
Am 14.12.2010 06:54, schrieb Allen Hewes:
> Hi Allen!
> You might want to look at the following post:
Thanks for link. I had not come across this thread.
It would appear that currently there isn't any method to sign RPMs within koji or
mash. You can import prebuilt RPMs with signatures into Koji. I don't know much about
importing RPMs into koji because I haven't had a need.
Do the Fedora guys use the sign_unsigned.py script for the official Fedora yum repos? If
so, how do they use mash? Because it looks to me that if you use this script, it does one
of the steps mash does; fetching RPMs out of koji tags.
I would have guessed that the Fedora guys generate their yum repos via mash from koji
tags and then sign RPMs.
I'd have to modify this script to suit my needs, but I think I could do it. It also
looks like it relies on a newer version of RPM, the rpm command for key size == 4096 is
one spot I noticed.
Also, I have to enter a passphrase when I sign my RPMs but this script doesn't have
any provisions for that. Is there a way to make rpm --resign not prompt for a passphrase?
Has there been any talk about adding RPM signing to mash? It seems like that'd be a
good place for it.
buildsys mailing list