How define a signing key for a project

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

How define a signing key for a project

Dieter Bloms
Hello,

we are running an own private obs appliance.
I've a gpg key and want to use this for all my project.
I've added my gpg key in the keyring of /srv/obs/gnupg
and defined it in /etc/sign.conf.
The rpms were signed by my gpg key, but my gpg key is not used to sign
the repos of my projects.
The repos were signed with the key of "defaultkey@localobs".

I read the online obs reference guide
http://openbuildservice.org/help/manuals/obs-reference-guide/cha.obs.signing.html#id2202
but there is only an empty chapter "Configure sign key"

Can anybody tell me how to define the project signing key ?

Thank you  very much.


--
Regards

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: How define a signing key for a project

Adrian Schröter
On Mittwoch, 19. April 2017, 13:26:55 CEST wrote Dieter Bloms:
> Hello,
>
> we are running an own private obs appliance.
> I've a gpg key and want to use this for all my project.
> I've added my gpg key in the keyring of /srv/obs/gnupg
> and defined it in /etc/sign.conf.
> The rpms were signed by my gpg key, but my gpg key is not used to sign
> the repos of my projects.
> The repos were signed with the key of "defaultkey@localobs".

this is the instance key.

> I read the online obs reference guide
> http://openbuildservice.org/help/manuals/obs-reference-guide/cha.obs.signing.html#id2202
> but there is only an empty chapter "Configure sign key"
>
> Can anybody tell me how to define the project signing key ?

You can create further keys using

 osc signkey --create $project

our default config is that top level projects get an own key automatic.
Check

 osc api -e /configuration

and look for

    <enforce_project_keys>on</enforce_project_keys>



--

Adrian Schroeter
email: [hidden email]

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
 
Maxfeldstraße 5                        
90409 Nürnberg
Germany


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: How define a signing key for a project

Dieter Bloms
Hello Adrian,

On Wed, Apr 19, Adrian Schröter wrote:

> On Mittwoch, 19. April 2017, 13:26:55 CEST wrote Dieter Bloms:
> > Hello,
> >
> > we are running an own private obs appliance.
> > I've a gpg key and want to use this for all my project.
> > I've added my gpg key in the keyring of /srv/obs/gnupg
> > and defined it in /etc/sign.conf.
> > The rpms were signed by my gpg key, but my gpg key is not used to sign
> > the repos of my projects.
> > The repos were signed with the key of "defaultkey@localobs".
>
> this is the instance key.

may it be possible to change this instance key ?
I can't find it on the new appliance.

> > I read the online obs reference guide
> > http://openbuildservice.org/help/manuals/obs-reference-guide/cha.obs.signing.html#id2202
> > but there is only an empty chapter "Configure sign key"
> >
> > Can anybody tell me how to define the project signing key ?
>
> You can create further keys using
>
>  osc signkey --create $project
>
> our default config is that top level projects get an own key automatic.
> Check
>
>  osc api -e /configuration
>
> and look for
>
>     <enforce_project_keys>on</enforce_project_keys>

the problem is, that our old autobuild server (based on sles11) is broken and I've
installed a new one as appliance.

Now I want use the keys from the old autobuild server, so that all our servers
don't need to be touched for a key change.


--
Regards

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]