[Mageia-sysadm] package signing
Michael Scherer
misc at zarb.org
Fri Jan 21 12:31:30 CET 2011
On Thu, Jan 20, 2011 at 07:55:38PM +0100, nicolas vigier wrote:
> Hello,
>
> I have started setup of package signing (and will continue tomorrow,
> unless someone does it before).
>
> What has been done :
> - signbot user created
> - signbot user added in schedbot group (to have write access on package
> files)
> - created script mga-signpackage to sign a package (in mdv-youri-submit
> bin directory), to be installed as /usr/bin/mga-signpackage
> - updated Sign action in mdv-youri-submit to run mga-signpackage script
> with "sudo -u signbot"
> What remains to be done :
- push our sign action upstream
> - add sudoers config to allow schedbot to run mga-signpackage script
> with signbot account
> - change permissions on package directories, to allow write access for
> schedbot group
> - generate key with gnupg puppet module (maybe update the module to be
> able to change the path for keys)
- decide on the policy for gpg key, decide if we need to sign it or not.
> - update mdv-youri-submit package and install it on valstar
> - enable signing in youri config and test
--
Michael Scherer
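
The sudoers item in the list above, sketched as an added example that is not part of the original thread or the Mageia configuration. The user names and script path come from the message; the file name `/etc/sudoers.d/signbot` is an assumption.

```sudoers
# /etc/sudoers.d/signbot  (hypothetical file name, not from the thread)

# Too broad: schedbot could run any command as signbot, including
# reading or exporting the private signing key. Kept commented out.
# schedbot ALL = (signbot) NOPASSWD: ALL

# Restricted: schedbot may run only the signing script as signbot,
# without a password, so the build scheduler never needs read access
# to the key material itself.
schedbot ALL = (signbot) NOPASSWD: /usr/bin/mga-signpackage

# No argument list is given after the command, so sudo accepts any
# arguments. The script must therefore validate the package path it
# receives, and must not be writable by schedbot or the schedbot group.
```

Check the file with `visudo -cf` before installing it, and confirm the rule with `sudo -l -U schedbot`.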