From 1c0ed1fe8ca12acadee7b70d7eb833850e270a1a Mon Sep 17 00:00:00 2001 From: Fabian Arrotin Date: May 15 2023 09:56:59 +0000 Subject: Showing that rpm pkgs tagged to -testing are also now signed Signed-off-by: Fabian Arrotin --- diff --git a/docs/delivery.md b/docs/delivery.md index 96538aa..0ebee5d 100644 --- a/docs/delivery.md +++ b/docs/delivery.md @@ -12,7 +12,7 @@ By default, packages built on cbs are just tagged to `candidate` tag and stay in If you want your packages to get pushed to the [buildlogs](https://buildlogs.centos.org) mirror pool, you can tag packages to `testing` !!! warning - Worth knowing that while packages are served over https, and repositories metatdata signed, the packages *aren't* signed with gpg key at this time ! Also good to know that only classical pkgs are pushed out, so no src.rpm nor debuginfo packages are sent to testing network + Worth knowing that only classical pkgs are pushed out, so no src.rpm nor debuginfo packages are sent to testing network (they'll be for `release` tag though) If you want to tag multiple specific packages/versions to `testing`, you can proceed with one koji/cbs call : @@ -22,6 +22,8 @@ cbs tag-build ---testing -1.0.1 -2.3.4 < This will trigger a message on the mqtt-based message bus and intercepted by the isolated machine processing requests. At this stage it will : + * verify which packages need to be signed with the [dedicated gpg key](https://www.centos.org/keys/#community-driven-project-keys) for the `SIG` + * download , sign and import back into koji signed packages * call koji for a `distRepo` tasks (preparing a usable repository with your packages) and wait for it to finish * sign repomd.xml file once repositories are all processed for all architectures * push that to the `buildlogs` CDN