Dne 02. 11. 22 v 20:28 Josh Stone napsal(a):
On 11/1/22 3:51 PM, Kevin Fenzi wrote:On Tue, Nov 01, 2022 at 02:55:34PM -0700, Josh Stone wrote:On 11/1/22 11:16 AM, Neal Gompa wrote:That said, the packages *are* signed in Koji, because as soon as it's submitted to Bodhi, the packages are signed in-place in Koji.Is that really in-place? Bodhi says these are signed, but when I download from koji, "rpm -qip" still shows "Signature: (none)".If you download the direct build links you get unsigned copies. If you use something like: koji download-build --key=5323552a openssl-3.0.5-2.fc37 you get builds signed with the f37 key. Or you can look directly at: https://kojipkgs.fedoraproject.org/packages/openssl/3.0.5/3.fc37/data/signed/5323552a/It would be great to have that linked from Bodhi, perhaps on the Builds tab on the "Build signed" key icon for each package.
Now who will be motivated enough to at least open the Koji ticket as suggested in the other place of this thread? :D
Actually, for my purposes, it would be much better if there was something like `koji download-url --signed openssl`. This would be useful to feed DNF directly: `dnf install $(koji download-url --signed openssl)`, because I don't like to create some temporary directories.
Vít
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
