particle-os/debian-koji
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

doc: clarify rpm imports

Browse source 
Related: https://pagure.io/koji/issue/3281
This commit is contained in:
Tomas Kopecek 2022-03-24 12:57:10 +01:00
parent 75b3cc4fea
commit e720df320b
2 changed files with 17 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docs/source/server_bootstrap.rst
View file

@ -12,7 +12,7 @@ Koji repo administration daemon (``kojira``) is properly configured and
running, and at least one Koji builder (``kojid``) is properly
configured and running. All koji cli commands assume that the user is a
Koji *admin*. If you need help with these tasks, see the
`ServerHowTo <Koji/ServerHowTo>`__ .
:doc:`ServerHowTo <server_howto>`.
- Download all source rpms and binary rpms for the arches you're
interested in
@ -29,6 +29,12 @@ the need to upload them to the hub and **very significantly** increasing
import speed. When using ``--link``, you must run as root. It is
**highly** recommended that you use ``--link``.
If an imported rpm contains an rpm signature, the import does not automatically
write out a signed copy for that signature. The primary copy will be the signed
rpm, and the signature will be noted. If a signed copy is desired (e.g. for
generating :doc:`distrepos <exporting_repositories>`), you can use the koji
write-signed-rpm command.
- Import all binary rpms using the same method as above
- Create a new tag

12
docs/source/signing.rst
View file

@ -74,8 +74,8 @@ A lower-level command that shows the signature on an RPM file (the
Learn more about RPM signatures and digests in `RPM's reference manual
<https://rpm-software-management.github.io/rpm/manual/signatures_digests.html>`_.
Uploding signed RPMs to Koji
----------------------------
Uploading signed RPMs to Koji
-----------------------------
Koji does not sign RPMs. Instead, Koji imports RPMs that are signed with a separate key.
@ -95,6 +95,14 @@ The ``koji import-sig`` command uploads the signed RPM headers to the Koji
Hub, which stores the headers on disk alongside the main unsigned RPM.
It also writes out a full signed RPM.
Another variant is to import whole signed rpms (e.g. during :doc:`bootstrapping
<server_bootstrap>` via ``koji import`` command.) If such an imported rpm
contains an rpm signature, the import does not automatically write out a signed
copy for that signature (in contrast with ``import-sig``). The primary copy will
be the signed rpm, and the signature will be noted. If a signed copy is desired
(e.g. for generating :doc:`distrepos <exporting_repositories>`), you can use the
koji write-signed-rpm command.
Downloading a signed RPM from Koji
----------------------------------