Signing built RPMs or how to create signed RPMs.
Jesse Keating
jkeating at redhat.com
Wed Dec 15 04:23:07 UTC 2010
On 12/14/10 7:57 PM, Allen Hewes wrote:
> B) how do you get the signed RPMs on disk (the filesystem) back into
> Koji? I think this is the process I have come across in previous
> posts from Jesse/Mike. I don't understand what sigul is could be the
> issue...

Sigul is calling koji import-sig in order to import the signed header
from the signed rpm. Koji can keep any number of signed headers for a
package. You can then ask koji to write out a version of rpms with
signed headers. This is actually done through the API, there is no
command line option for it. (koji list-api to get a list of all the
possible API calls)

>
> C) does step 3 mean that you have taken twice as much space on disk
> because now you have two versions (one signed and one unsigned) of
> the same NVR build?

If you keep the signed one around yes. You don't have to sign every
build, or you don't have to keep the signed version around after you
publish them somewhere.

> D) if I go to Fedora's Koji, I don't see two NVR RPMs per package. I
> think I am missing something here w.r.t getting signed RPMs back into
> Koji.

http://kojipkgs.fedoraproject.org/packages/pungi/2.1.4/1.fc14/data/signed/97a1071f/noarch/

You'll see signed rpms there. The signature content gets put into the
<package>/<version>/<release>/data/ directory structure.

--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
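
The API route described in the reply, as an added example that is not part of the original message and is not Koji or sigul code: for one build and key ID it reports which RPMs already have an imported signed header, where the signed copy lives under the layout shown in the URL above, and optionally asks the hub to write that copy. `signed_copies` and `StubHub` are hypothetical names; `getBuild`, `listRPMs`, `queryRPMSigs` and `writeSignedRPM` are Koji hub calls as assumed here, so confirm them against your hub with `koji list-api`.

```python
def signed_copies(session, nvr, sigkey, write=False):
    """Return (paths, missing) for the RPMs of build `nvr` and key ID `sigkey`.

    paths maps each RPM that has a header signed by `sigkey` imported to the
    location of its signed copy below the Koji top directory; missing lists
    RPMs with no such header. With write=True the hub is asked to write the copy.
    """
    sigkey = sigkey.lower()
    build = session.getBuild(nvr)
    if build is None:
        raise LookupError("no such build: %s" % nvr)
    paths, missing = {}, []
    for rpm in session.listRPMs(buildID=build["id"]):
        nvra = "%(name)s-%(version)s-%(release)s.%(arch)s" % rpm
        # Only a header imported earlier (koji import-sig) can be written out.
        if not session.queryRPMSigs(rpm_id=rpm["id"], sigkey=sigkey):
            missing.append(nvra)
            continue
        if write:
            session.writeSignedRPM(rpm["id"], sigkey)  # needs an authenticated session
        paths[nvra] = "packages/%s/%s/%s/data/signed/%s/%s/%s.rpm" % (
            build["name"], build["version"], build["release"],
            sigkey, rpm["arch"], nvra)
    return paths, missing


class StubHub:
    """Constructed stand-in for koji.ClientSession(hub_url), for offline runs."""
    def __init__(self):
        self.written = []
    def getBuild(self, nvr):
        if nvr == "pungi-2.1.4-1.fc14":
            return {"id": 1, "name": "pungi", "version": "2.1.4", "release": "1.fc14"}
        return None
    def listRPMs(self, buildID):
        base = {"name": "pungi", "version": "2.1.4", "release": "1.fc14"}
        return [dict(base, id=10, arch="noarch"), dict(base, id=11, arch="src")]
    def queryRPMSigs(self, rpm_id, sigkey):
        # Constructed: only the noarch RPM has a header for key 97a1071f.
        return [{"rpm_id": rpm_id, "sigkey": sigkey}] if (rpm_id, sigkey) == (10, "97a1071f") else []
    def writeSignedRPM(self, rpm_id, sigkey):
        self.written.append((rpm_id, sigkey))


if __name__ == "__main__":
    paths, missing = signed_copies(StubHub(), "pungi-2.1.4-1.fc14", "97A1071F")
    print(paths, missing)
```

Run before publishing, the `missing` list shows which RPMs of a build would go out without a copy signed by the expected key.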