Internal Yum repository GPG signatures



Hey,

our internal Yum repository is finally GPG signed. Having a package
installed on any of the RHEL machines (except for combobox, still on
RHEL 5, which does not support V4 signatures) we manage now requires
you to sign the package before installing it in the relevant directory
under /home/admin/pkgs. I cooked a script that will make the whole
process easier on this side. [1]

The signing key is currently hosted on puppet-back, which has a rw NFS
mount on /home/admin from combobox. Note this is an exception as other
machines mount /home/admin as read only for security purposes. The
private key is therefore hosted on a different machine than the mount
point itself and it's currently available to all users having root on
that machine.

A SOP has also been created [2] with a set of common operations you
can perform with the script.

That's all for now!

[1] https://git.gnome.org/browse/sysadmin-bin/tree/rpm-signer.py
[2] https://wiki.gnome.org/Sysadmin/SOP/RPMInternalSignatures

-- 
Cheers,

Andrea

Debian Developer,
Fedora / EPEL packager,
GNOME Infrastructure Team Coordinator,
GNOME Foundation Board of Directors Secretary,
GNOME Foundation Membership & Elections Committee Chairman

Homepage: http://www.gnome.org/~av

