smedev/smeserver-koji
6
0
Fork 0
mirror of https://src.koozali.org/infra/smeserver-koji.git synced 2024-11-21 17:17:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated plugins README

Browse Source
This commit is contained in:
Trevor Batley 2024-10-01 09:58:23 +10:00
parent 4409a8d97d
commit 3268f81e7d
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
plugins/README.md
View File

@ -23,6 +23,8 @@ Automagically sign rpms with our key after successful build
This is a slightly modified version of the OSG Software Teams koji-hub plugin which can be found at <https://github.com/osg-htc/koji-plugin-sign> This is a slightly modified version of the OSG Software Teams koji-hub plugin which can be found at <https://github.com/osg-htc/koji-plugin-sign>
This plugin requires the pexpect python module to be installed
Make sure that the koji-sign selinux policy is installed and enabled Make sure that the koji-sign selinux policy is installed and enabled
semodule --list-modules=full | grep koji-sign semodule --list-modules=full | grep koji-sign
@ -31,23 +33,32 @@ If it's not listed, copy down the koji-sign.te file, compile and install it
checkmodule -M -m -o koji-sign.mod koji-sign.te checkmodule -M -m -o koji-sign.mod koji-sign.te
semodule_package -o koji-sign.pp -m koji-sign.mod semodule_package -o koji-sign.pp -m koji-sign.mod
semodule -i koji-sign.pp semodule -X 300 -i koji-sign.pp
Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/ Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/
Copy sign.conf into /etc/koji-hub/plugins/ Change the ownership of the gnupg directory and all contents to the apache user
sudo chown -R apache:apache /etc/koji-hub/plugins/gnupg
Copy sign.conf into /etc/koji-hub/plugins/.
Change the ownership of the sign.conf file to the apache user
sudo chown apache:apache /etc/koji-hub/plugins/sign.conf
Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready
### tag2distrepo ### tag2distrepo
This is a koji-hub plugin available in the default koji installation This is a koji-hub plugin available in the default koji installation, but we have modified it slightly to allow the missing signature options
It will create an external repository for any tag when a new build is completed in, or a build is attached to (tag-build) a tag It will create an external repository for any tag when a new build is completed in, or a build is attached to (tag-build) a tag
Set the extra options on the tag so the plugin will generate the repository: Set the extra options on the tag so the plugin will generate the repository: (missing signature options ar optional)
koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11 koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11
koji edit-tag -x tag2distrepo.skip_missing_signatures=True -x tag2distrepo.allow_missing_signatures=True smecontribs11
Where ONLY those rpms signed with that key will be included in the generated external repository Where ONLY those rpms signed with that key will be included in the generated external repository