Please create detached signatures for the binaries we will upload to GitHub for the ignition 2.19.0 release. This is a manual process for now, pending the automation discussed in https://pagure.io/robosignatory/issue/53 and https://github.com/coreos/fedora-coreos-tracker/issues/335.
ignition
The binaries themselves have been built in koji. Here is a small script to grab all of the rpms and the files out of the rpms and name them appropriately:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52
#!/bin/bash set -eux -o pipefail # Use the Fedora 40 key for the detached signatures KEYTOSIGNWITH='fedora-40' VR='2.19.0-1.fc40' RPMKEY='a15b79cc' # Fedora 40 key do_sign() { # Sign with sigul unless FAKESIGN=1 if [ ${FAKESIGN:-0} != 1 ]; then sigul sign-data -a $KEYTOSIGNWITH "$1" -o "$1.asc" else echo INVALID > "$1.asc" fi } # Grab the binaries out of the redistributable rpm rpm="ignition-validate-redistributable-${VR}.noarch.rpm" koji download-build --key $RPMKEY --rpm $rpm rpm -qip $rpm | grep -P "^Signature.*${RPMKEY}$" # Verify the output has the key in it rpm2cpio $rpm | cpio -idv './usr/share/ignition/ignition-validate-*' # Rename the binaries mv usr/share/ignition/ignition-validate-aarch64-apple-darwin \ ignition-validate-aarch64-apple-darwin mv usr/share/ignition/ignition-validate-aarch64-unknown-linux-gnu-static \ ignition-validate-aarch64-linux mv usr/share/ignition/ignition-validate-ppc64le-unknown-linux-gnu-static \ ignition-validate-ppc64le-linux mv usr/share/ignition/ignition-validate-s390x-unknown-linux-gnu-static \ ignition-validate-s390x-linux mv usr/share/ignition/ignition-validate-x86_64-apple-darwin \ ignition-validate-x86_64-apple-darwin mv usr/share/ignition/ignition-validate-x86_64-pc-windows-gnu.exe \ ignition-validate-x86_64-pc-windows-gnu.exe mv usr/share/ignition/ignition-validate-x86_64-unknown-linux-gnu-static \ ignition-validate-x86_64-linux # Sign them do_sign ignition-validate-aarch64-apple-darwin do_sign ignition-validate-aarch64-linux do_sign ignition-validate-ppc64le-linux do_sign ignition-validate-s390x-linux do_sign ignition-validate-x86_64-apple-darwin do_sign ignition-validate-x86_64-pc-windows-gnu.exe do_sign ignition-validate-x86_64-linux # Fix permissions and clean up chmod go+r *.asc rm $rpm; rmdir ./usr/share/ignition; rmdir ./usr/share; rmdir ./usr
After running this you should end up with a directory with files in it like:
$ ls -1 ignition-validate-aarch64-apple-darwin ignition-validate-aarch64-apple-darwin.asc ignition-validate-aarch64-linux ignition-validate-aarch64-linux.asc ignition-validate-ppc64le-linux ignition-validate-ppc64le-linux.asc ignition-validate-s390x-linux ignition-validate-s390x-linux.asc ignition-validate-x86_64-apple-darwin ignition-validate-x86_64-apple-darwin.asc ignition-validate-x86_64-linux ignition-validate-x86_64-linux.asc ignition-validate-x86_64-pc-windows-gnu.exe ignition-validate-x86_64-pc-windows-gnu.exe.asc
Metadata Update from @kevin: - Issue assigned to kevin
Oops. Posted this to the other ticket by mistake:
https://kevin.fedorapeople.org/ignition/2.19.0/
Metadata Update from @kevin: - Issue close_status updated to: Fixed with Explanation - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.