mirror of
				https://src.koozali.org/infra/smeserver-koji.git
				synced 2025-10-20 18:01:27 +02:00 
			
		
		
		
	updated plugins README
This commit is contained in:
		| @@ -23,6 +23,8 @@ Automagically sign rpms with our key after successful build | |||||||
|  |  | ||||||
| This is a slightly modified version of the OSG Software Teams koji-hub plugin which can be found at <https://github.com/osg-htc/koji-plugin-sign> | This is a slightly modified version of the OSG Software Teams koji-hub plugin which can be found at <https://github.com/osg-htc/koji-plugin-sign> | ||||||
|  |  | ||||||
|  | This plugin requires the pexpect python module to be installed | ||||||
|  |  | ||||||
| Make sure that the koji-sign selinux policy is installed and enabled | Make sure that the koji-sign selinux policy is installed and enabled | ||||||
|  |  | ||||||
|     semodule --list-modules=full | grep koji-sign |     semodule --list-modules=full | grep koji-sign | ||||||
| @@ -31,23 +33,32 @@ If it's not listed, copy down the koji-sign.te file, compile and install it | |||||||
|  |  | ||||||
|     checkmodule -M -m -o koji-sign.mod koji-sign.te |     checkmodule -M -m -o koji-sign.mod koji-sign.te | ||||||
|     semodule_package -o koji-sign.pp -m koji-sign.mod |     semodule_package -o koji-sign.pp -m koji-sign.mod | ||||||
|     semodule -i koji-sign.pp |     semodule -X 300 -i koji-sign.pp | ||||||
|  |  | ||||||
| Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/ | Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/ | ||||||
|  |  | ||||||
| Copy sign.conf into /etc/koji-hub/plugins/ | Change the ownership of the gnupg directory and all contents to the apache user | ||||||
|  |  | ||||||
|  |     sudo chown -R apache:apache /etc/koji-hub/plugins/gnupg | ||||||
|  |  | ||||||
|  | Copy sign.conf into /etc/koji-hub/plugins/. | ||||||
|  |  | ||||||
|  | Change the ownership of the sign.conf file to the apache user | ||||||
|  |  | ||||||
|  |     sudo chown apache:apache /etc/koji-hub/plugins/sign.conf  | ||||||
|  |  | ||||||
| Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready | Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready | ||||||
|  |  | ||||||
| ### tag2distrepo | ### tag2distrepo | ||||||
|  |  | ||||||
| This is a koji-hub plugin available in the default koji installation | This is a koji-hub plugin available in the default koji installation, but we have modified it slightly to allow the missing signature options | ||||||
|  |  | ||||||
| It will create an external repository for any tag when a new build is completed in, or a build is attached to (tag-build) a tag | It will create an external repository for any tag when a new build is completed in, or a build is attached to (tag-build) a tag | ||||||
|  |  | ||||||
| Set the extra options on the tag so the plugin will generate the repository: | Set the extra options on the tag so the plugin will generate the repository: (missing signature options ar optional) | ||||||
|  |  | ||||||
|     koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11 |     koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11 | ||||||
|  |     koji edit-tag -x tag2distrepo.skip_missing_signatures=True -x tag2distrepo.allow_missing_signatures=True smecontribs11 | ||||||
|  |  | ||||||
| Where ONLY those rpms signed with that key will be included in the generated external repository | Where ONLY those rpms signed with that key will be included in the generated external repository | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 Trevor Batley
					Trevor Batley