On 2016-02-03 14:56, Bjarne Saltbæk wrote:
Date: Wed, 3 Feb 2016 05:12:04 +0000
From: [email protected]
To: [email protected]
Subject: Re: [RedSleeve-Users] Yum & Signed Packages in 7
I've been thinking about this. Jacco, how does this sound:
1) You produce a key pair and sign all the packages on your side.
If you put the public key there, then we can have signed packages
working for the testing repositories which will probably make
people feel less concerned about it.
Sigul Signing server is a perfect solution for signing RPM in a secure
way.
It is incorporated in the Koji setup I am designing :)
(You don't need Koji to use sigul).
Or you could just pull files to a secure server behind a firewall
that is normally switched off, run
rpm --resign *.rpm
and then push the signed files back out.
Since it's 3 lines to achieve that on my setup (zfs send, rpm, zfs
send),
it seems simple enough that it would be rather difficult to simplify
further. ;)
But I get that "all the cool kids" are using koji and it's all
"enterprisey", etc. I guess I'm just bitter because I expected
something of such mind boggling complexity to at the very least
do dependency resolution and build packages in order to ensure
that there is never a FTBFS due to missing dependencies. When
your builders are slow and have slow storage, those FTBFS-es
still require a lot of resources to extract src.rpms, create a
mock chroot, install the dependencies, and then tear it down.
For many packages, this takes longer than the actual compile
stage.
One way to do this could be to have a redsleeve-testing-release
package
corresponding to the testing repository.
2) Once things have been more thoroughly tested, I'll re-sign them
whth the release version key.
Sounds fine by me.
Yes, but it's Jacco that needs to approve the idea on the basis
that he needs to throw together a redsleeve-6-testing-release and
redsleeve-7-testing-release packages and add signing to his
process. :-p
Gordan
_______________________________________________
users mailing list
[email protected]
https://lists.redsleeve.org/mailman/listinfo/users
