#6546 Remove the signing part and changed the releases
Closed 3 years ago by mohanboddu. Opened 4 years ago by mohanboddu.
mohanboddu/releng remove_signing  into  master

@@ -47,14 +47,14 @@ 

  ::

  

      $ cd /var/cache/sigul

-     $ sudo -u apache bodhi-push --releases '24 23 22 5 6 7' --username <yourusername>

+     $ sudo -u apache bodhi-push --releases 'f25,f24,epel-7,EL-6,EL-5' --username <yourusername>

      <enter your password+2factorauth, then your fas password>

  

  You can say 'n' to the push at this point if you wish to sign packages (see

  below). Or you can keep this request open in a window while you sign the

  packages, then come back and say y.

  

- List the releases above you wish to push from: 24 23 22 5 6 7, etc

+ List the releases above you wish to push from: 25 24 5 6 7, etc

  

  You can also specify ``--request=testing`` to limit pushes. Valid types are

  ``testing`` or ``stable``.
@@ -68,7 +68,7 @@ 

  ::

  

      $ cd /var/cache/sigul

-     $ sudo -u apache bodhi-push --releases 24 --request=testing \

+     $ sudo -u apache bodhi-push --releases f25 --request=testing \

          --username <username>

  

  Then
@@ -76,7 +76,7 @@ 

  ::

  

      $ cd /var/cache/sigul

-     $ sudo -u apache bodhi-push --releases '23 22 5 6 7' --username <username>

+     $ sudo -u apache bodhi-push --releases 'f24,epel-7,EL-6,EL-5' --username <username>

  

  Pushing Stable updates during freeze

  ------------------------------------
@@ -90,59 +90,14 @@ 

      $ sudo -u apache bodhi-push --builds '<nvr1> <nvr2> ...' --username <username>

  

  

- Sign the packages

- -----------------

- 

- * Sign builds using scripts/sigulsign_unsigned.py from releng git repo

- 

-   ::

- 

-     $ ./sigulsign_unsigned.py -vv --write-all \

-         --sigul-batch-size=25 fedora-22 \

-         $(cat /var/cache/sigul/Stable-F22 /var/cache/sigul/Testing-F22)

- 

- (Make sure you sign each release with the right key... ie, 'fedora-19' key

- with F19 packages, or 'epel-5' with EL-5 packages)

- 

- Here is another example, inside a loop:

- 

- ::

- 

-     for i in 24 23 22;

-     do

-         ~/releng/scripts/sigulsign_unsigned.py \

-             fedora-$i -v --write-all \

-             --sigul-batch-size=25 $(cat /var/cache/sigul/{Stable,Testing}-F${i});

-     done

- 

-     for i in 7 6 5;

-     do

-         ~/releng/scripts/sigulsign_unsigned.py \

-             epel-$i -v --write-all \

-             --sigul-batch-size=25 $(cat /var/cache/sigul/{Stable,Testing}-*EL-${i});

-     done

- 

- 

- * If signing process struggles to finish, then consider adjusting the

-   ``--sigul-batch-size=N`` to ``1``, which is more resilient but much slower.

- 

- Repeat gathering updates and signing steps

- ------------------------------------------

- 

- After gathering the list of updates and signing them, repeat the process until

- there are no new updates to be signed. You want to do this because as you are

- signing updates, maintainers are submitting new ones. There is a window while

- you are signing that a new update will be added and if you just push then, the

- push will fail with an unsigned package.

- 

  Perform the bodhi push

  ----------------------

  

- Re-run the earlier bodhi command from step 2 and say 'y' to push.

+ Say 'y' to push for the above command.

  

  Verification

  ============

- #. Monitor the sysemd journal

+ #. Monitor the systemd journal

  

     ::

  

@@ -0,0 +1,37 @@ 

+ Sign the packages

+ -----------------

+ 

+ * This doc explains how to sign builds in the release(s).

+  

+ * Sign builds using scripts/sigulsign_unsigned.py from releng git repo

+  

+   ::

+  

+     $ ./sigulsign_unsigned.py -vv --write-all \

+         --sigul-batch-size=25 fedora-22 \

+         $(cat /var/cache/sigul/Stable-F22 /var/cache/sigul/Testing-F22)

+  

+ (Make sure you sign each release with the right key... ie, 'fedora-19' key

+ with F19 packages, or 'epel-5' with EL-5 packages)

+ 

+ Here is another example, inside a loop:

+ 

+ ::

+ 

+     for i in 24 23 22;

+     do

+         ~/releng/scripts/sigulsign_unsigned.py \

+             fedora-$i -v --write-all \

+             --sigul-batch-size=25 $(cat /var/cache/sigul/{Stable,Testing}-F${i});

+     done

+ 

+     for i in 7 6 5;

+     do

+         ~/releng/scripts/sigulsign_unsigned.py \

+             epel-$i -v --write-all \

+             --sigul-batch-size=25 $(cat /var/cache/sigul/{Stable,Testing}-*EL-${i});

+     done

+ 

+ 

+ * If signing process struggles to finish, then consider adjusting the

+   ``--sigul-batch-size=N`` to ``1``, which is more resilient but much slower.

we should keep this section and put it into a new sop for manual signing rpms. just in case

rebased

3 years ago

Pull-Request has been closed by mohanboddu

3 years ago