On 12/14/2010 01:50 PM, Josh Boyer wrote: > On Tue, Dec 14, 2010 at 2:49 AM, Oliver Falk<[email protected]> wrote: >> Hi Allen! >> >> I'm not sure how the Fedora guys do it... There's a lot of black >> (scripting) magic involved I guess. :-) >> >> And yes, the script is already using the the larger key size, but that's >> not hard to "fix"... >> >> Come on guys, show us your dirty little tricks! :-P > > There are no dirty tricks. It essentially goes: > > 1) RPMs built in koji > 2) sign_unsigned.py is run against various koji tags. Either > dist-f1x-candidates or dist-f1x-updates-testing, or whichever need to > be signed. NOTE: rawhide is not signed > 3) mash is run against the tag after the RPMs have all been signed. > 4) Bodhi does some symlink switching after all the mashes have > completed successfully and the new repos are pushed to the mirrors. > > That's it. No tricks, nothing super efficient. > > At some point, there was discussion on having koji do the signing > automatically after a build completes. I think that is still a long > term plan, but it requires a project to use a single key for all > packages.
Sorry Josh. This wasn't meant as offence! I just never saw any documentation about this part - maybe I just didn't look hard enough. :-) -of -- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
