#9602 Create detached signatures for the Ignition 2.4.0 release
Closed: Fixed 3 years ago by mohanboddu. Opened 3 years ago by bgilbert.

Please create detached signatures for the binaries we will upload to GitHub for the Ignition 2.4.0 release. This is a manual process for now, pending the automation discussed in https://pagure.io/releng/issue/9057 and https://github.com/coreos/fedora-coreos-tracker/issues/335.

The binaries themselves have been built in koji. Here is a small script to grab all of the rpms and the files out of the rpms and name them appropriately:

#!/bin/bash
set -eux -o pipefail
# Use the Fedora 32 key for the detached signatures
KEYTOSIGNWITH='fedora-32'

VR='2.4.0-1.gitd18bf90.fc32'
RPMKEY='12c944d0' # Fedora 32 key
ARCHES='x86_64 aarch64 ppc64le s390x'

# Grab the windows/mac binaries out of the nonlinux rpm
rpm="ignition-validate-nonlinux-${VR}.noarch.rpm"
koji download-build --key $RPMKEY --rpm $rpm
rpm -qip $rpm | grep -P "^Signature.*${RPMKEY}$" # Verify the output has the key in it
rpm2cpio $rpm | cpio -idv ./usr/share/ignition/ignition-validate-x86_64-apple-darwin ./usr/share/ignition/ignition-validate-x86_64-pc-windows-gnu.exe
mv ./usr/share/ignition/ignition-validate-* .
sigul sign-data -a $KEYTOSIGNWITH ./ignition-validate-x86_64-apple-darwin -o ./ignition-validate-x86_64-apple-darwin.asc
sigul sign-data -a $KEYTOSIGNWITH ./ignition-validate-x86_64-pc-windows-gnu.exe -o ./ignition-validate-x86_64-pc-windows-gnu.exe.asc
rm $rpm; rm -r ./usr

# Grab the linux binary for a few arches we care about
for arch in $ARCHES; do
    mkdir $arch; pushd $arch
    rpm="ignition-validate-${VR}.${arch}.rpm"
    outfile="ignition-validate-${arch}-linux"
    koji download-build --key $RPMKEY --rpm $rpm
    rpm -qip $rpm | grep $RPMKEY # Verify the output has the key in it
    rpm2cpio "${rpm}" | cpio -idv ./usr/bin/ignition-validate
    mv ./usr/bin/ignition-validate "../${outfile}"
    # The detached signature is created after popd, below, using $KEYTOSIGNWITH
    rm "${rpm}"; rmdir ./usr/bin; rmdir ./usr
    popd; rmdir $arch
    sigul sign-data -a $KEYTOSIGNWITH "./${outfile}" -o "./${outfile}.asc"
done

After running this you should end up with a directory with files in it like:

$ ls -1
ignition-validate-aarch64-linux
ignition-validate-ppc64le-linux
ignition-validate-s390x-linux
ignition-validate-x86_64-apple-darwin
ignition-validate-x86_64-linux
ignition-validate-x86_64-pc-windows-gnu.exe
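
The script's two `rpm -qip` checks differ: the first anchors on the Signature line, while the per-arch loop greps for the key ID anywhere in the output. The following is an added example, not part of the original ticket, of one strict check that could serve both places; the function names and the sample `rpm -qip` outputs are constructed for illustration.

```bash
#!/bin/bash
# Added example: constructed `rpm -qip` outputs; the leading zeros in the
# long key IDs are filler, only the 12c944d0 suffix comes from the ticket.
RPMKEY='12c944d0'

SIGNED_OK='Name        : ignition-validate
Version     : 2.4.0
Signature   : RSA/SHA256, Wed 15 Jul 2020 12:00:00 PM UTC, Key ID 0000000012c944d0
Summary     : Validation tool for Ignition configs'

UNSIGNED_MENTION='Name        : ignition-validate
Signature   : (none)
Description :
Local rebuild; the Koji build was signed with 12c944d0'

OTHER_KEY='Name        : ignition-validate
Signature   : RSA/SHA256, Wed 15 Jul 2020 12:00:00 PM UTC, Key ID 00000000deadbeef'

# The check used inside the per-arch loop: key ID anywhere in the output.
loose_check() { grep -q "$1"; }

# Strict check: reads `rpm -qip` output on stdin; succeeds only when the
# Signature field itself ends in "Key ID <hex><keyid>".
signature_key_matches() {
    skm_keyid="$1"
    case "$skm_keyid" in
        ''|*[!0-9a-fA-F]*) return 2 ;;  # not hex: refuse to build a regex from it
    esac
    skm_line="$(sed -n '/^Signature[[:space:]]*:/{p;q;}')"  # first Signature field only
    [ -n "$skm_line" ] || return 1
    printf '%s\n' "$skm_line" |
        grep -qiE "Key ID [0-9a-f]*${skm_keyid}[[:space:]]*\$"
}

report() {  # report LABEL OUTPUT
    if printf '%s\n' "$2" | signature_key_matches "$RPMKEY"; then s=accept; else s=reject; fi
    if printf '%s\n' "$2" | loose_check "$RPMKEY"; then l=accept; else l=reject; fi
    printf '%-18s strict=%s loose=%s\n' "$1" "$s" "$l"
}
report signed-ok "$SIGNED_OK"
report unsigned-mention "$UNSIGNED_MENTION"
report other-key "$OTHER_KEY"
```

In the script this would be called as `rpm -qip "$rpm" | signature_key_matches "$RPMKEY"`. Matching the key ID only shows which key the package header names; `rpmkeys --checksig` is the step that verifies the signature itself.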

So, sigul is having issues with signing, with the DC move and the update to F32 and no py2 support:

$ sigul sign-data -a fedora-32 ./ignition-validate-x86_64-apple-darwin -o ./ignition-validate-x86_64-apple-darwin.asc
  File "/usr/share/sigul/client.py", line 99
    except utils.NSSInitError, e:
                             ^
SyntaxError: invalid syntax

@mohanboddu The error you've sent would indicate no py3 support.
This is an error about syntax that is valid in py2, but not in py3, so that means you're trying to run a py2 sigul (0.X) on a system with just py3.
Please run a dnf update sigul, which should fix that.

@puiterwijk Yeah, the problem is it's an F32 box and sigul-1.x is not built for it. Can I build one for F32, or is there any reason why it's not built for F32?

@mohanboddu it's not built for F32-infra because we didn't need that before. Feel free to do so if you want.
You probably do not want to build it for f32 "public", because sigul-1.x is entirely incompatible with a sigul-0.x server and bridge.
So we should either update all, or none.

After upgrading to sigul-1.0a1-2.fc32.infra I got the following error:

Key passphrase: 
2020-07-15 17:08:54,489 WARNING: (child) Exception in child
Traceback (most recent call last):
  File "/usr/share/sigul/double_tls.py", line 790, in __child
    addr_info = nss.io.AddrInfo(self.__hostname, nss.io.PR_AF_INET,
nss.error.NSPRError: (PR_DIRECTORY_LOOKUP_ERROR) A directory lookup on a network address has failed.
ERROR: I/O error: ConnectionResetError(104, 'Connection reset by peer')

Metadata Update from @mohanboddu:
- Issue tagged with: groomed, high-gain, high-trouble

3 years ago

Ignition 2.4.1 will be released today. We can skip signing on 2.4.0 artifacts if that helps.

Metadata Update from @mohanboddu:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 years ago
