[Mageia-sysadm] package signing

Michael scherer misc at zarb.org
Fri Jan 21 12:31:30 CET 2011


On Thu, Jan 20, 2011 at 07:55:38PM +0100, nicolas vigier wrote:
> Hello,
> 
> I have started setup of package signing (and will continue tomorrow,
> unless someone does it before).
> 
> What has been done:
>  - signbot user created
>  - signbot user added in schedbot group (to have write access on package
>    files)
>  - created script mga-signpackage to sign a package (in mdv-youri-submit
>    bin directory), to be installed as /usr/bin/mga-signpackage
>  - updated Sign action in mdv-youri-submit to run mga-signpackage script
>    with "sudo -u signbot"
> What remains to be done:

- push our sign action upstream 

>  - add sudoers config to allow schedbot to run mga-signpackage script
>    with signbot account
>  - change permissions on package directories, to allow write access for
>    schedbot group
>  - generate key with gnupg puppet module (maybe update the module to be
>    able to change the path for keys)

- decide on the policy for the gpg key, and decide if we need to sign it or not.


>  - update mdv-youri-submit package and install it on valstar
>  - enable signing in youri config and test

-- 
Michael Scherer

