From 3268f81e7d87f9cc3daca279c0aa01308d6c4be2 Mon Sep 17 00:00:00 2001 From: Trevor Batley Date: Tue, 1 Oct 2024 09:58:23 +1000 Subject: [PATCH] updated plugins README --- plugins/README.md | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/plugins/README.md b/plugins/README.md index 59c4c2c..a7d8b00 100644 --- a/plugins/README.md +++ b/plugins/README.md @@ -23,6 +23,8 @@ Automagically sign rpms with our key after successful build This is a slightly modified version of the OSG Software Teams koji-hub plugin which can be found at +This plugin requires the pexpect python module to be installed + Make sure that the koji-sign selinux policy is installed and enabled semodule --list-modules=full | grep koji-sign @@ -31,23 +33,32 @@ If it's not listed, copy down the koji-sign.te file, compile and install it checkmodule -M -m -o koji-sign.mod koji-sign.te semodule_package -o koji-sign.pp -m koji-sign.mod - semodule -i koji-sign.pp + semodule -X 300 -i koji-sign.pp Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/ -Copy sign.conf into /etc/koji-hub/plugins/ +Change the ownership of the gnupg directory and all contents to the apache user + + sudo chown -R apache:apache /etc/koji-hub/plugins/gnupg + +Copy sign.conf into /etc/koji-hub/plugins/. + +Change the ownership of the sign.conf file to the apache user + + sudo chown apache:apache /etc/koji-hub/plugins/sign.conf Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready ### tag2distrepo -This is a koji-hub plugin available in the default koji installation +This is a koji-hub plugin available in the default koji installation, but we have modified it slightly to allow the missing signature options It will create an external repository for any tag when a new build is completed in, or a build is attached to (tag-build) a tag -Set the extra options on the tag so the plugin will generate the repository: +Set the extra options on the tag so the plugin will generate the repository: (missing signature options ar optional) koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11 + koji edit-tag -x tag2distrepo.skip_missing_signatures=True -x tag2distrepo.allow_missing_signatures=True smecontribs11 Where ONLY those rpms signed with that key will be included in the generated external repository