Learn more about these different git repos.
Other Git URLs
Please create detached signatures for the binaries we will upload to GitHub for the Ignition 2.11.0 release. This is a manual process for now, pending the automation discussed in https://pagure.io/releng/issue/9057 and https://github.com/coreos/fedora-coreos-tracker/issues/335.
The binaries themselves have been built in koji. Here is a small script to grab all of the rpms and the files out of the rpms and name them appropriately:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
#!/bin/bash set -eux -o pipefail # Use the Fedora 34 key for the detached signatures KEYTOSIGNWITH='fedora-34' VR='2.11.0-1.fc34' RPMKEY='45719a39' # Fedora 34 key ARCHES='x86_64 aarch64 ppc64le s390x' # Grab the windows/mac binaries out of the nonlinux rpm rpm="ignition-validate-nonlinux-${VR}.noarch.rpm" koji download-build --key $RPMKEY --rpm $rpm rpm -qip $rpm | grep -P "^Signature.*${RPMKEY}$" # Verify the output has the key in it rpm2cpio $rpm | cpio -idv ./usr/share/ignition/ignition-validate-x86_64-apple-darwin ./usr/share/ignition/ignition-validate-x86_64-pc-windows-gnu.exe mv ./usr/share/ignition/ignition-validate-* . sigul sign-data -a $KEYTOSIGNWITH ./ignition-validate-x86_64-apple-darwin -o ./ignition-validate-x86_64-apple-darwin.asc sigul sign-data -a $KEYTOSIGNWITH ./ignition-validate-x86_64-pc-windows-gnu.exe -o ./ignition-validate-x86_64-pc-windows-gnu.exe.asc rm $rpm; rm -r ./usr # Grab the linux binary for a few arches we care about for arch in $ARCHES; do mkdir $arch; pushd $arch rpm="ignition-validate-${VR}.${arch}.rpm" outfile="ignition-validate-${arch}-linux" koji download-build --key $RPMKEY --rpm $rpm rpm -qip $rpm | grep $RPMKEY # Verify the output has the key in it rpm2cpio "${rpm}" | cpio -idv ./usr/bin/ignition-validate mv ./usr/bin/ignition-validate "../${outfile}" # Add detached signature step here using $KEYTOSIGNWITH rm "${rpm}"; rmdir ./usr/bin; rmdir ./usr popd; rmdir $arch sigul sign-data -a $KEYTOSIGNWITH "./${outfile}" -o "./${outfile}.asc" done # Fix permissions chmod go+r *.asc
After running this you should end up with a directory with files in it like:
$ ls -1 ignition-validate-aarch64-linux ignition-validate-aarch64-linux.asc ignition-validate-ppc64le-linux ignition-validate-ppc64le-linux.asc ignition-validate-s390x-linux ignition-validate-s390x-linux.asc ignition-validate-x86_64-apple-darwin ignition-validate-x86_64-apple-darwin.asc ignition-validate-x86_64-linux ignition-validate-x86_64-linux.asc ignition-validate-x86_64-pc-windows-gnu.exe ignition-validate-x86_64-pc-windows-gnu.exe.asc
Metadata Update from @humaton: - Issue tagged with: low-gain, low-trouble, ops
Done https://mohanboddu.fedorapeople.org/ignition_detached_sigs/ignition-2.11.0-1.fc34_detached_sigs/
Metadata Update from @mohanboddu: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.