[CentOS-devel] New CBS/SIG signing process

Mon Mar 16 16:02:08 UTC 2020
Matthias Runge <mrunge at matthias-runge.de>

On 10/03/2020 16:17, Fabian Arrotin wrote:
> Hi all (especially SIG members/contributors),
> As announced by Jim some time ago, we wanted to redesign the current
> signing process that is in place for https://cbs.centos.org for CentOS 6
> and 7 (so quite some years now)
> The goal is to automate the workflow as much as possible, and to have it
> work for all releases (yeah, for CentOS 8 and Stream).
> Thomas and myself have worked on the following idea and we're now happy
> with the results (in our Dev environment):
> - when someone builds a pkg and it's tagged to -testing, koji
> sends a notification (through koji callback -
> https://fedoraproject.org/wiki/Koji/WritingKojiCode#Event_Plugin) to a bus
> - signing machine listens to the bus, processes the tag and pushes directly
> to buildlogs
> - when someone tag-builds said pkg to -release, the node signs it with
> the correct gpg key id (from the SIG) and pushes the generated repository
> (including for debuginfo/src.rpm packages) to the mirror CDN


Thank you for putting this stuff together, this is really great.

Can we have tags for opstools and messaging SIG?


Thank you.
