Learn more about these different git repos.
Other Git URLs
We have been requested from the last branching that we create the rawhide+1 keys weeks before the mass branching so it will stay there for an ample amount if folks want to migrate their stuff to rawhide keys!
However, this issue will also be used for creating an SOP for how the keys are generated, and what steps are required for that; The end goal is that everyone with the right access can create these!
!action - @jnsamyak will create an SOP from the steps we discuss here!
When do you need this? Before end of this week!
When is this no longer needed or useful? F41 Branching
If we cannot complete your request, what is the impact? :) We will not have new rawhide keys ;)
Metadata Update from @jnsamyak: - Issue tagged with: high-gain, medium-trouble, ops
CC: @kevin @humaton
So, we actually already have the 42 keys. We need to make f43. ;)
Here's the old SOP:
https://docs.pagure.org/releng/sop_create_release_signing_key.html
but it needs some work. ;)
I guess it's not that bad. ;) Would you like to make a pr adding it to new docs and I can provide the certs info...
Okay, let's do this I'll create PR for migrating it from the old doc to the new one, and then you can take over to add the certs info, and I can follow that sop to create F43 keys? What say?
@kevin the migration is done, and I converted, and as per the last three points I have added it to the document.
One thing, that will be very nice to add here is, if you know, to use which machine while running sigul etc
https://pagure.io/infra-docs-fpo/pull-request/311
Metadata Update from @jnsamyak: - Issue assigned to jnsamyak
Added comments/review/additional things to add. ;)
@kevin; https://pagure.io/infra-docs-fpo/pull-request/312 the pr is ready for review!
Hey Kevin while on running
sigul new-key --key-admin jnsamyak --key-type gnupg --gnupg-name-real Fedora --gnupg-name-comment 43 --gnupg-name-email fedora-43-primary@fedoraproject.org fedora-43
it asks for admin password Administrator's password; where can we fetch it from?
Administrator's password
It should be your nss password I think? but you were not an admin, so I made you one. Please try again now?
The nss password didn't work; It mentions having an admin password.
For example:
If I want to do `sigul --list-keys, it even asks for an Administrative Password, which is not an NSS password for sure, I tried resetting it before as well, but no didn't work
Can you check with this command, and see if your nss password works?
Yeah, sorry, it is another passphrase for that. I will try and figure the best way to get one to you...
Meanwhile, can you create the key and certs if you get time? And grant me access to that one? So I can add it on the places as part of the rest of the SOP?
I tried one more thing, can you try again? If it's still failing I can make things later tonight/tomorrow...
no luck and we encountered new problem :/ https://pagure.io/fedora-infrastructure/issue/12116#comment-922777
One last attempt before I give up for now... ;) please try again.
I think this is all working now. If not, feel free to reopen.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.