| |
@@ -14,27 +14,27 @@
|
| |
|
| |
When we branch off of rawhide, the branched release packages are already signed by
|
| |
the F\{release} key, but we need to resign everything in rawhide for the new F+1 key.
|
| |
- ie, When we branch f39 off rawhide, all it's packages are already signed by the f39
|
| |
- key, but we need to resign everything with the f40 key for rawhide.
|
| |
+ ie, When we branch f{rawhide} off rawhide, all it's packages are already signed by the f{rawhide}
|
| |
+ key, but we need to resign everything with the f{rawhide_next} key for rawhide.
|
| |
|
| |
* Add a new config for the new key to robosignatory. Something like:
|
| |
|
| |
```
|
| |
[[consumer_config.koji_instances.primary.tags]]
|
| |
- from = "f39"
|
| |
- to = "f39"
|
| |
- key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}"
|
| |
+ from = "f{rawhide}"
|
| |
+ to = "f{rawhide}"
|
| |
+ key = "{{ (env == 'production')|ternary('fedora-{rawhide_next}', 'testkey') }}"
|
| |
keyid = "{{ (env == 'production')|ternary('a15B79cc', 'd300e724') }}"
|
| |
{% if env == "production" %}
|
| |
- file_signing_key = "fedora-40-ima"
|
| |
+ file_signing_key = "fedora-{rawhide_next}-ima"
|
| |
{% endif %}
|
| |
```
|
| |
- This allows robosignatory to sign packages in the f39 tag with the f40 key.
|
| |
+ This allows robosignatory to sign packages in the f{rawhide} tag with the f{rawhide_next} key.
|
| |
* git clone https://pagure.io/releng
|
| |
* confirm the new key fingerprint is in scripts/sigulsign_unsigned.py
|
| |
* run sigulsign_unsigned.py to gather list of packages to sign:
|
| |
```
|
| |
- ./sigulsign_unsigned.py --just-list --tag f39 fedora-40 | grep src | sed -e 's|.src||' > unsigned-packages
|
| |
+ ./sigulsign_unsigned.py --just-list --tag f{rawhide} fedora-{rawhide_next} | grep src | sed -e 's|.src||' > unsigned-packages
|
| |
```
|
| |
You should get a list of all the source packages by name.
|
| |
* copy unsigned-packages list to autosign01
|
| |
@@ -47,11 +47,11 @@
|
| |
for i in `cat unsigned-packages`
|
| |
do
|
| |
echo $i;
|
| |
- robosignatory sign-tag primary $i f39;
|
| |
+ robosignatory sign-tag primary $i f{rawhide};
|
| |
sleep 1;
|
| |
done
|
| |
```
|
| |
- This will iterate over all packages and sign them with the new f40 key.
|
| |
+ This will iterate over all packages and sign them with the new f{rawhide_next} key.
|
| |
Once complete, re-run the ./sigulsign_unsigned.py command to confirm all are signed.
|
| |
On branching day, remove the robosignatory config for this resigning.
|
| |
|
| |
@@ -358,7 +358,7 @@
|
| |
+
|
| |
[source,subs="attributes"]
|
| |
----
|
| |
- fedora-{rawhide+1}-primary: x86_64 armhfp aarch64 ppc64le s390x
|
| |
+ fedora-{rawhide_next}-primary: x86_64 armhfp aarch64 ppc64le s390x
|
| |
----
|
| |
|
| |
. Increment `%global rawhide_release`:
|
| |
@@ -647,7 +647,7 @@
|
| |
In order to enable builds for Container Base Images via the
|
| |
https://docs.pagure.org/releng/layered_image_build_service.html[Fedora
|
| |
Layered Image Build System] we will need to import a new image for
|
| |
- Rawhide as well as for the new `fedora:rawhide` and `fedora:${RAWHIDE}`
|
| |
+ Rawhide as well as for the new `fedora:rawhide` and `fedora:$\{RAWHIDE}`
|
| |
tags.
|
| |
|
| |
Check for the latest successful Rawhide Base Image composed image
|
| |
@@ -661,7 +661,7 @@
|
| |
$ BASEIMAGE_URL="https://kojipkgs.fedoraproject.org//packages/Fedora-Docker-Base/Rawhide/20170310.n.0/images/Fedora-Docker-Base-Rawhide-20170310.n.0.x86_64.tar.xz"
|
| |
|
| |
# Update this to whatever version number Rawhide now points to
|
| |
- $ RAWHIDE="27"
|
| |
+ $ RAWHIDE="{rawhide}"
|
| |
|
| |
# Load the latest, find it's image name
|
| |
$ sudo docker load < <(curl -s "$\{BASEIMAGE_URL}")
|
| |
@@ -670,15 +670,15 @@
|
| |
|
| |
# Tag everything
|
| |
$ sudo docker tag fedora-docker-base-rawhide-20170310.n.0.x86_64 candidate-registry.fedoraproject.org/fedora:rawhide
|
| |
- $ sudo docker tag fedora-docker-base-rawhide-20170310.n.0.x86_64 candidate-registry.fedoraproject.org/fedora:${RAWHIDE}
|
| |
+ $ sudo docker tag fedora-docker-base-rawhide-20170310.n.0.x86_64 candidate-registry.fedoraproject.org/fedora:$\{RAWHIDE}
|
| |
$ sudo docker tag fedora-docker-base-rawhide-20170310.n.0.x86_64 registry.fedoraproject.org/fedora:rawhide
|
| |
- $ sudo docker tag fedora-docker-base-rawhide-20170310.n.0.x86_64 registry.fedoraproject.org/fedora:${RAWHIDE}
|
| |
+ $ sudo docker tag fedora-docker-base-rawhide-20170310.n.0.x86_64 registry.fedoraproject.org/fedora:$\{RAWHIDE}
|
| |
|
| |
# Push the images
|
| |
$ sudo docker push candidate-registry.fedoraproject.org/fedora:rawhide
|
| |
- $ sudo docker push candidate-registry.fedoraproject.org/fedora:${RAWHIDE}
|
| |
+ $ sudo docker push candidate-registry.fedoraproject.org/fedora:$\{RAWHIDE}
|
| |
$ sudo docker push registry.fedoraproject.org/fedora:rawhide
|
| |
- $ sudo docker push registry.fedoraproject.org/fedora:${RAWHIDE}
|
| |
+ $ sudo docker push registry.fedoraproject.org/fedora:$\{RAWHIDE}
|
| |
|
| |
# Clean up after ourselves
|
| |
$ sudo docker rmi fedora-docker-base-rawhide-20170310.n.0.x86_64
|
| |
Signed-off-by: Diego Herrera dherrera@redhat.com