particle-os/deb-mock
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
deb-mock/docs/feature-gpg-and-ssl.md
robojerk 4c0dcb2522
Some checks failed
Build Deb-Mock Package / build (push) Successful in 54s
Details
Lint Code / Lint All Code (push) Failing after 1s
Details
Test Deb-Mock Build / test (push) Failing after 36s
Details
enhance: Add comprehensive .gitignore for deb-mock project 
- Add mock-specific build artifacts (chroot/, mock-*, mockroot/)
- Include package build files (*.deb, *.changes, *.buildinfo)
- Add development tools (.coverage, .pytest_cache, .tox)
- Include system files (.DS_Store, Thumbs.db, ._*)
- Add temporary and backup files (*.tmp, *.bak, *.backup)
- Include local configuration overrides (config.local.yaml, .env.local)
- Add test artifacts and documentation builds
- Comprehensive coverage for Python build system project

This ensures build artifacts, chroot environments, and development
tools are properly ignored in version control.
2025-08-18 23:37:49 -07:00

49 lines
1.9 KiB
Markdown
Raw Blame History

---
layout: default
title: GPG keys and SSL certificates
---
## GPG Keys
When you want to verify GPG keys during installation in build root you can use something like in the config:
```python
config_opts['dnf.conf'] = """
... SNIP
[appstream]
name=CentOS Stream $releasever - AppStream
metalink=https://mirrors.centos.org/metalink?repo=centos-appstream-$releasever-stream&arch=$basearch
gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
gpgcheck=1
... SNIP
"""
```
The path in `gpgkey` refers to the path in a buildchroot. How do you get your GPG key to buildchroot? There are several ways:
### Distribution-GPG-Keys
The package `distribution-gpg-key` is a requirement of Mock and is installed into buildchroot. The easiest way
is to add your package to [distribution-gpg-key project](https://github.com/xsuchy/distribution-gpg-keys/) and then
your key will be automatically present in both of host and buildroot.
This is the preferred way for any new config added to `mock-core-configs`.
### Local key
Any file named `RPM-GPG-KEY-*` in the `/etc/pki/mock/` on the host is copied to buildchroot to the same path.
You can use it for your personal GPG keys.
## SSL certificates
Mock copy whole `/etc/pki/ca-trust/extracted` directory from the host to chroot. So the
chroot environment should recognize all SSL certificates your host knows.
If you need to add some specific certificate, you can add this part in your config:
# Copy host's SSL certificate bundle ('/etc/pki/tls/certs/ca-bundle.crt') into
# specified location inside chroot. This usually isn't needed because we copy
# the whole /etc/pki/ca-trust/extracted directory recursively by default, and
# Fedora or EL systems work with that. But some destination chroots can have
# different configuration, and copying the bundle helps.
#config_opts['ssl_ca_bundle_path'] = None
Reference in a new issue View git blame Copy permalink