Internal Yum repository GPG signatures


our internal Yum repository is finally GPG signed. Having a package
installed on any of the RHEL machines (except for combobox, still on
RHEL 5, which does not support V4 signatures) we manage now requires
you to sign the package before installing it on the relevant directory
under /home/admin/pkgs. I cooked a script that will make the whole
process easier on this side. [1]

The signing key is currently hosted on puppet-back which has a rw NFS
mount on /home/admin from combobox. Note this is an exception as other
machines mount /home/admin as read only for security purposes. The
private key is therefore hosted on a different machine than the mount
point itself and it's currently available to all users having root on
that machine.

A SOP has also been created [2] with a set of common operations you
can perform with the script.

That's all for now!




Debian Developer,
Fedora / EPEL packager,
GNOME Infrastructure Team Coordinator,
GNOME Foundation Board of Directors Secretary,
GNOME Foundation Membership & Elections Committee Chairman


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]