[packman] PMBS Localbuild with packages from Packman
Ludwig Nussel
ludwig.nussel at suse.de
Fri Mar 9 11:33:46 CET 2012
Pascal Bleser wrote:
> Any idea where the default key is stored?
That's defined in BSConfig.pm
> On a side note, we actually do recrypt the packages before they
> are published on the Packman FTP tree.
Sounds strange. So the packages osc gets via the api are signed with a
different key than the ones on ftp.
> We verify the key they have been signed with in OBS, then unsign
> them, then sign them again with an RSA 4096, and then they are
> pushed to the tree.
> Reason is that the RSA 4096 is kept on a strongly secured host
> with selinux etc...
AFAIK the signing architecure of OBS is designed exactly for such a
setup. IE keep the private keys on an extra secured host that is only
reachable via a dedicated connection.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
More information about the Packman
mailing list