Signing built RPMs or how to create signed RPMs.
Mike Bonnet
mikeb at redhat.com
Wed Dec 15 13:48:10 UTC 2010
On 12/14/2010 11:23 PM, Jesse Keating wrote:
> On 12/14/10 7:57 PM, Allen Hewes wrote:
>> B) how do you get the signed RPMs on disk (the filesystem) back into
>> Koji? I think this is the process I have come across in previous
>> posts from Jesse/Mike. I don't understand what sigul is; that could be the
>> issue...
>
> Sigul is calling koji import-sig in order to import the signed header
> from the signed rpm. Koji can keep any number of signed headers for a
> package. You can then ask koji to write out a version of rpms with
> signed headers. This is actually done through the API, there is no
> command line option for it. (koji list-api to get a list of all the
> possible API calls)
You can use koji write-signed-rpm to get it to write out a copy signed
with a previously imported signature. The API works too though.
>>
>> C) does step 3 mean that you have taken twice as much space on disk
>> because now you have two versions (one signed and one unsigned) of
>> the same NVR build?
>
> If you keep the signed one around yes. You don't have to sign every
> build, or you don't have to keep the signed version around after you
> publish them somewhere.
>
>> D) if I go to Fedora's Koji, I don't see two NVR RPMs per package. I
>> think I am missing something here w.r.t getting signed RPMs back into
>> Koji.
>
> http://kojipkgs.fedoraproject.org/packages/pungi/2.1.4/1.fc14/data/signed/97a1071f/noarch/
> You'll see signed rpms there. The signature content gets put into the
> <package>/<version>/<release>/data/ directory structure.
>
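The write-out step Jesse and Mike describe, as an added example (not code from the thread or from Koji itself): a small client that, for one build, asks the hub which RPMs actually have a header signature imported for the key, writes a signed copy of only those, and reports the rest; HUB_URL and the FakeHub class are assumptions/constructed so the script runs offline.

```python
"""Added example (not code from the thread or from Koji): write signed copies
of one build's RPMs via the hub API, the per-RPM work behind write-signed-rpm.
HUB_URL and FakeHub are assumptions/constructed so the script runs offline."""
HUB_URL = "https://koji.example.org/kojihub"  # assumption: your own hub
SIGKEY = "97a1071f"  # lowercase key id, same id as the signed/ path above


def write_signed_copies(session, nvr, sigkey=SIGKEY):
    """Return (written, missing): RPM file names that got a signed copy,
    and those with no imported signature for `sigkey` (left unpublished)."""
    build = session.getBuild(nvr, strict=True)
    written, missing = [], []
    for rpm in session.listRPMs(buildID=build["id"]):
        fname = "%(name)s-%(version)s-%(release)s.%(arch)s.rpm" % rpm
        # Only a header signature imported via import-sig/sigul for this
        # key counts; the hub has nothing to write out otherwise.
        if not session.queryRPMSigs(rpm_id=rpm["id"], sigkey=sigkey):
            missing.append(fname)
            continue
        # Hub splices the stored header onto the payload under data/signed/<sigkey>/
        session.writeSignedRPM(rpm["id"], sigkey)
        written.append(fname)
    return written, missing


class FakeHub:
    """Constructed stand-in: one build, two RPMs, signature only for noarch."""
    def __init__(self):
        self.calls = []
    def getBuild(self, nvr, strict=False):
        return {"id": 42, "nvr": nvr}
    def listRPMs(self, buildID=None):
        base = {"name": "pungi", "version": "2.1.4", "release": "1.fc14"}
        return [dict(base, id=1, arch="noarch"), dict(base, id=2, arch="src")]
    def queryRPMSigs(self, rpm_id=None, sigkey=None):
        return [{"rpm_id": 1, "sigkey": SIGKEY}] if (rpm_id, sigkey) == (1, SIGKEY) else []
    def writeSignedRPM(self, an_rpm, sigkey, force=False):
        self.calls.append((an_rpm, sigkey))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # real hub: python3 signed_copies.py pungi-2.1.4-1.fc14
        import koji
        session = koji.ClientSession(HUB_URL)
        session.gssapi_login()  # writeSignedRPM needs a privileged login
        nvr = sys.argv[1]
    else:
        session, nvr = FakeHub(), "pungi-2.1.4-1.fc14"
    written, missing = write_signed_copies(session, nvr)
    print("signed copies written:", written, "| no %s signature:" % SIGKEY, missing)
```

Publishing only the `written` list keeps unsigned RPMs out of the repo you hand to users, and the `missing` list is the thing to chase before composing.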