Signing metadata requires a lot of manual interaction and knowledge of the customer. This was the reason why we never implemented it for SUMA as the benefit was very low.

Now with the change in the zypp stack to not allow installing unsigned RPMs without user interaction or completly disabling GPG checks the benefit of such a feature increased.

I plan to implement this without any GUI support.

  • the customer need to create an own GPG key pair
  • the customer need to enable this feature in the config and configure the keyid and the password
  • during metadata generation the taskomatic task check, if metadata signing is configured and only then sign them
  • if metadata signing is configured, we need to change the GPG check options of the repos.

Looking for mad skills in:

susemanager uyuni

This project is part of:

Hack Week 17

Activity

  • over 1 year ago: dmaiocchi liked Teach SUMA to sign repository metadata
  • over 1 year ago: mcalmer added keyword "uyuni" to Teach SUMA to sign repository metadata
  • over 1 year ago: mcalmer added keyword "susemanager" to Teach SUMA to sign repository metadata
  • over 1 year ago: mcalmer started Teach SUMA to sign repository metadata
  • over 1 year ago: mcalmer originated Teach SUMA to sign repository metadata
  • Show History

    Comments

    Be the first to comment!

    Similar Projects

    Suse Manager - SPA by LuNeves

    The experience while navigating throughout the ...


    terracumber: python replacement for sumaform-test-runner by juliogonzalezgil

    At SUSE Manager and Uyuni we use right now a se...


    Ant Ivy OBS resolver by cbosdonnat

    SUSE Manager uses an ivy repository on the R&D ...


    terracumber: python replacement for sumaform-test-runner by juliogonzalezgil

    At SUSE Manager and Uyuni we use right now a se...


    Uyuni (property based testing (with (lisp) )) by dmaiocchi

    I will not have the time for bootstrapping this...