[packman] PMBS Localbuild with packages from Packman

Ludwig Nussel ludwig.nussel at suse.de
Fri Mar 9 11:33:46 CET 2012


Pascal Bleser wrote:
> Any idea where the default key is stored?

That's defined in BSConfig.pm

> On a side note, we actually do recrypt the packages before they
> are published on the Packman FTP tree.

Sounds strange. So the packages osc gets via the api are signed with a
different key than the ones on ftp.

> We verify the key they have been signed with in OBS, then unsign
> them, then sign them again with an RSA 4096, and then they are
> pushed to the tree.
> Reason is that the RSA 4096 is kept on a strongly secured host
> with selinux etc...

AFAIK the signing architecture of OBS is designed exactly for such a
setup. I.e. keep the private keys on an extra secured host that is only
reachable via a dedicated connection.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) 



