That is out of scope as koji will not be actually performing signing as part of this feature, just utilizing rpm signatures that have already been imported. Neat idea, but bigger problem and not really related to this
On Dec 1, 2015 7:37 AM, "Petr Spacek" <pspacek@xxxxxxxxxx> wrote:
On 1.12.2015 13:15, Jan Kurik wrote:
> = Proposed Self Contained Change: Koji Generates Repositories of Signed RPMs =
>
> Change owner(s):
> * Jay Greguske < jgregusk with the usual red hat domain >
>
> Extend Koji with a new feature that allows users to generate yum
> repositories of signed RPMs.
>
> == Detailed Description ==
> This is a significant enabler for generating DVD media, other ISOs,
> and images more efficiently. It also allows other tools such as mash
> or pungi to offload much of the heavy-lifting to the build system.
> Longer term, we may be able to reduce the number of tools needed to
> manufacture Fedora releases.
>
> == Scope ==
> Proposal owners: to implement this change
> Release engineering: This feature does require coordination with
> release engineering (e.g. changes to installer image generation or
> update package delivery.)
When you are at it, would it be possible to sign repo metadata too, so we can
have repo_gpgcheck enabled for official repos?
--
Petr Spacek @ Red Hat
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx