smedev/smeserver-koji
6
0
Fork 0
mirror of https://src.koozali.org/infra/smeserver-koji.git synced 2024-11-21 17:17:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated plugins README

Browse Source
This commit is contained in:
Trevor Batley 2024-10-01 09:58:23 +10:00
parent 4409a8d97d
commit 3268f81e7d
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
plugins/README.md
View File

@ -23,6 +23,8 @@ Automagically sign rpms with our key after successful build
This is a slightly modified version of the OSG Software Teams koji-hub plugin which can be found at <https://github.com/osg-htc/koji-plugin-sign>
This plugin requires the pexpect python module to be installed
Make sure that the koji-sign selinux policy is installed and enabled
semodule --list-modules=full | grep koji-sign
@ -31,23 +33,32 @@ If it's not listed, copy down the koji-sign.te file, compile and install it
checkmodule -M -m -o koji-sign.mod koji-sign.te
semodule_package -o koji-sign.pp -m koji-sign.mod
semodule -i koji-sign.pp
semodule -X 300 -i koji-sign.pp
Copy your gpg keys etc. into /etc/koji-hub/plugins/gnupg/
Copy sign.conf into /etc/koji-hub/plugins/
Change the ownership of the gnupg directory and all contents to the apache user
sudo chown -R apache:apache /etc/koji-hub/plugins/gnupg
Copy sign.conf into /etc/koji-hub/plugins/.
Change the ownership of the sign.conf file to the apache user
sudo chown apache:apache /etc/koji-hub/plugins/sign.conf
Edit /etc/koji-hub/plugins/sign.conf to have the correct gpg key names for each tag and set enabled, when ready
### tag2distrepo
This is a koji-hub plugin available in the default koji installation
This is a koji-hub plugin available in the default koji installation, but we have modified it slightly to allow the missing signature options
It will create an external repository for any tag when a new build is completed in, or a build is attached to (tag-build) a tag
Set the extra options on the tag so the plugin will generate the repository:
Set the extra options on the tag so the plugin will generate the repository: (missing signature options ar optional)
koji edit-tag -x tag2distrepo.enabled=True -x tag2distrepo.keys='44922a28' smecontribs11
koji edit-tag -x tag2distrepo.skip_missing_signatures=True -x tag2distrepo.allow_missing_signatures=True smecontribs11
Where ONLY those rpms signed with that key will be included in the generated external repository