On 02/03/2016 04:12 PM, Gordan Bobic wrote:
> On 2016-02-03 14:56, Bjarne Saltbæk wrote:
>>> Date: Wed, 3 Feb 2016 05:12:04 +0000
>>> From: [email protected]
>>> To: [email protected]
>>> Subject: Re: [RedSleeve-Users] Yum & Signed Packages in 7
>>>
>>> I've been thinking about this. Jacco, how does this sound:
>>> 1) You produce a key pair and sign all the packages on your side.
>>> If you put the public key there, then we can have signed packages
>>> working for the testing repositories which will probably make
>>> people feel less concerned about it.
>>
>> Sigul Signing server is a perfect solution for signing RPM in a secure
>> way.
>> It is incorporated in the Koji setup I am designing :)
>> (You don't need Koji to use sigul).
>
> Or you could just pull files to a secure server behind a firewall
> that is normally switched off, run
> rpm --resign *.rpm
> and then push the signed files back out.

I tried reading on Sigul and it's beyond me. I have no clue how that's
supposed to work. I guess I'll just write the private key to a USB stick
(or 2 or 3 for good measure) and pop that in the server (strange word for
a machine smaller than a deck of cards) if it is signing time.

Jacco
