#22 rawhide: ostree: enable gpg verification after install
Merged 6 years ago by mohanboddu. Opened 6 years ago by dustymabe.
dustymabe/fedora-lorax-templates dusty-rawhide  into  master

@@ -14,7 +14,7 @@ 

  

  append usr/share/anaconda/interactive-defaults.ks "%post --erroronfail"

  append usr/share/anaconda/interactive-defaults.ks "rm -f /etc/ostree/remotes.d/${ostree_osname}.conf"

- append usr/share/anaconda/interactive-defaults.ks "ostree remote add --set=gpg-verify=false ${ostree_osname} '${ostree_update_repo}'"

+ append usr/share/anaconda/interactive-defaults.ks "ostree remote add --set=gpg-verify=true --set=gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-27-primary ${ostree_osname} '${ostree_update_repo}'"

  append usr/share/anaconda/interactive-defaults.ks "cp /etc/skel/.bash* /root"

  append usr/share/anaconda/interactive-defaults.ks "%end"
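Review bot: The added `ostree remote add` line hard-codes `--set=gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-27-primary`, which ties this rawhide template to one release's key file and has to be edited by hand at every branch. Consider passing the key path in as a template variable, the way `${ostree_osname}` and `${ostree_update_repo}` already are, or at minimum put a comment beside the line saying it must be bumped when forking. With `gpg-verify=true` set, a stale path leaves the installed system checking commits against the wrong key, so pulls from the remote would fail verification until the remote config is corrected.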

  

Taking the first step towards enabling gpg verification for our
users we'll make it so that the media they download will verify
gpg signatures of commits by default.

The next step is to enable gpg verification during install as well
but there is a race condition where the commit that was just created
might not yet be signed. See [1] for more details.

[1] https://pagure.io/pungi/issue/650

rebased

6 years ago

LGTM, this is unfortunately just another thing we'll have to remember to bump versions on when forking.

yeah - we can make this better as we go, just wanted to get it in for now.

Pull-Request has been merged by mohanboddu

6 years ago