[packman] PMBS Localbuild with packages from Packman

Pascal Bleser pascal.bleser at opensuse.org
Thu Mar 8 20:17:12 CET 2012


On 2012-03-08 09:10:40 (+0100), Ludwig Nussel <ludwig.nussel at suse.de> wrote:
> Pascal Bleser wrote:
> > On 2012-03-06 16:03:01 (+0100), Ludwig Nussel <ludwig.nussel at suse.de> wrote:
> >> Ismail Dönmez wrote:
> >>> Just use osc build --no-verify

> >> Well, that's a workaround but not the solution.
> >> osc just fetches the _pubkey of every involved project. Looks like
> >> pmbs doesn't return the key used for top level projects. That needs to
> >> be fixed at server side.

> > Like.. how? Is it an OBS bug?
> > If it isn't, I don't even know where to start looking, we didn't
> > patch anything on the key serving.

> Your build service instance likely signs packages with the default key.
> According to Adrian this is considered a misconfiguration. Each project
> is supposed to have its own key. In fact when creating a new project
> obs generates a key automatically. As Admin you can copy the same key
> into multiple projects though.
> So just copy the public key of your signing key as '_pubkey' file into
> the project directories on the server.

We did create the projects (obviously), but I suppose that older
OBS versions didn't create those per-project keys then.

Indeed, our toplevel projects (Essentials, Multimedia, Games,
Extra) do _not_ have a _pubkey file in projects/*/

Any idea where the default key is stored?

On a side note, we actually do recrypt the packages before they
are published on the Packman FTP tree.
We verify the key they have been signed with in OBS, then unsign
them, then sign them again with an RSA 4096, and then they are
pushed to the tree.
Reason is that the RSA 4096 is kept on a strongly secured host
with selinux etc...

cheers
-- 
  -o) Pascal Bleser
  /\\ http://opensuse.org -- we haz green
 _\_v http://fosdem.org   -- we haz conf
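
A server-side check for the condition described in this message (top-level projects that have no `_pubkey` file), as an added example that is not part of the original post or of OBS itself. The layout of one subdirectory per project, the ASCII-armored key format and the function names are assumptions; the sample tree and its key content are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a projects directory for usable _pubkey files.
# Assumptions: one subdirectory per project, and the public key stored as
# ASCII-armored OpenPGP text in <project>/_pubkey.

# audit_pubkeys DIR: prints "<STATUS> <project>" for every project and
# returns 1 if any project is not OK (osc could not verify its packages).
audit_pubkeys() {
    root=$1
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue            # glob matched nothing
        name=$(basename "$dir")
        key="${dir}_pubkey"
        if [ ! -e "$key" ]; then
            status=MISSING                   # the case reported in this thread
        elif [ ! -s "$key" ]; then
            status=EMPTY
        elif ! grep -q -e '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$key"; then
            status=NOTARMORED                # file exists but is not a key
        else
            status=OK
        fi
        [ "$status" = OK ] || rc=1
        printf '%s %s\n' "$status" "$name"
    done
    return $rc
}

# Constructed sample tree using the project names from the message.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir "$t/Essentials" "$t/Multimedia" "$t/Games" "$t/Extra"
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' 'placeholder' \
        '-----END PGP PUBLIC KEY BLOCK-----' > "$t/Essentials/_pubkey"
    : > "$t/Multimedia/_pubkey"              # empty file
    echo 'not a key' > "$t/Games/_pubkey"    # wrong content
    echo "$t"                                # Extra has no _pubkey at all
}

demo=$(make_demo_tree)
audit_pubkeys "$demo" || echo "at least one project has no usable _pubkey"
rm -rf "$demo"
```

The check only confirms that a key file is present and looks like an armored public key; it does not confirm that the key matches the one the packages are actually signed with.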