#3301 doc: clarify rpm imports
Merged 2 years ago by tkopecek. Opened 2 years ago by tkopecek.
tkopecek/koji issue3281  into  master

@@ -12,7 +12,7 @@ 

  running, and at least one Koji builder (``kojid``) is properly

  configured and running. All koji cli commands assume that the user is a

  Koji *admin*. If you need help with these tasks, see the

- `ServerHowTo <Koji/ServerHowTo>`__ .

+ :doc:`ServerHowTo <server_howto>`.

  

  -  Download all source rpms and binary rpms for the arches you're

     interested in
@@ -29,6 +29,12 @@ 

  import speed. When using ``--link``, you must run as root. It is

  **highly** recommended that you use ``--link``.

  

+ If an imported rpm contains an rpm signature, the import does not automatically

+ write out a signed copy for that signature. The primary copy will be the signed

+ rpm, and the signature will be noted. If a signed copy is desired (e.g. for

+ generating :doc:`distrepos <exporting_repositories>`), you can use the koji

+ write-signed-rpm command.

+ 

  -  Import all binary rpms using the same method as above

  

  -  Create a new tag

file modified
+10 -2
@@ -74,8 +74,8 @@ 

  Learn more about RPM signatures and digests in `RPM's reference manual

  <https://rpm-software-management.github.io/rpm/manual/signatures_digests.html>`_.

  

- Uploding signed RPMs to Koji

- ----------------------------

+ Uploading signed RPMs to Koji

+ -----------------------------

  

  Koji does not sign RPMs. Instead, Koji imports RPMs that are signed with a separate key.

  
@@ -95,6 +95,14 @@ 

  Hub, which stores the headers on disk alongside the main unsigned RPM.

  It also writes out a full signed RPM.

  

+ Another variant is to import whole signed rpms (e.g. during :doc:`bootstrapping

+ <server_bootstrap>` via ``koji import`` command.) If such an imported rpm

+ contains an rpm signature, the import does not automatically write out a signed

+ copy for that signature (in contrast with ``import-sig``). The primary copy will

+ be the signed rpm, and the signature will be noted. If a signed copy is desired

+ (e.g. for generating :doc:`distrepos <exporting_repositories>`), you can use the

+ koji write-signed-rpm command.

+ 

  Downloading a signed RPM from Koji

  ----------------------------------

  

Metadata Update from @tkopecek:
- Pull-request tagged with: doc, no_qe

2 years ago

Might be worth adding a note in docs/source/signing.rst as well

Suggested for grammar and clarity.

If an imported rpm contains an rpm signature, the import does not
automatically write out a signed copy for that signature. The primary copy will
be the signed rpm, and the signature will be noted. If a signed copy is desired
(e.g. for generating :doc:distrepos <exporting_repositories>), you can use the
koji write-signed-rpm command.

1 new commit added

  • additional clarifications
2 years ago

rebased onto 7958d1ca5ff30fb89730ab75b211bfa7cf92a4f0

2 years ago

Minor adjustments needed in signing.rst. Otherwise good to go.

--- a/docs/source/signing.rst
+++ b/docs/source/signing.rst
@@ -74,8 +74,8 @@ A lower-level command that shows the signature on an RPM file (the
 Learn more about RPM signatures and digests in `RPM's reference manual
 <https://rpm-software-management.github.io/rpm/manual/signatures_digests.html>`_.

-Uploding signed RPMs to Koji
-----------------------------
+Uploading signed RPMs to Koji
+-----------------------------

 Koji does not sign RPMs. Instead, Koji imports RPMs that are signed with a separate key.

@@ -95,8 +95,8 @@ The ``koji import-sig`` command uploads the signed RPM headers to the Koji
 Hub, which stores the headers on disk alongside the main unsigned RPM.
 It also writes out a full signed RPM.

-Other variant is to import whole signed rpms (e.g. during :doc:`bootstrapping
-<server_bootstrap>` via ``koji import`` command.) If such imported rpm contains
+Another variant is to import whole signed rpms (e.g. during :doc:`bootstrapping
+<server_bootstrap>` via ``koji import`` command.) If such an imported rpm contains
 an rpm signature, the import does not automatically write out a signed copy for
 that signature (in contrast with ``import-sig``). The primary copy will be the
 signed rpm, and the signature will be noted. If a signed copy is desired (e.g.

rebased onto e720df3

2 years ago

Commit 5fdaf59 fixes this pull-request

Pull-Request has been merged by tkopecek

2 years ago