Sigul – How to Sign

How to Sign Packages
This post is to explain the process of signing packages on sigul with a sigul client and how to test your configuration. To setup clients and troubleshoot problems check my other posts:
Sigul Client Setup
Connection to Sigul Server/Bridge
Sigul Problems and Troubleshooting

Sigul passwords/passphrases
First step is to change your passwords, if someone else set them up.
Change sigul admin password:

sigul modify-user --change-password username

Change sigul passphrase: (Replace pidora-18 with your key name)

sigul change-passphrase pidora-18

Setup FAS2 account and koji
Next if you are planning to use sigulsign_unsigned.py, then you will need to run the command:

fedora-packager-setup

This will bring in your FAS2 certs. Then setup koji on this account like you normally would.
For armv6 build and using japan: http://blog.chris.tylers.info/index.php?/categories/11-CDOT

Testing sigul and koji
Now we will start signing packages. To test that sigul is working try a command like listing the users:

sigul -v -v list-user

And then try a command to see if you have access to your key:

sigul get-public-key pidora-18

Finally try using koji with a task. (Also make sure you are a admin in koji)

armv6-koji list-hosts

If all of these are successful, then you are ready to use sigulsign_unsigned.py.

Signing packages with sigulsign_unsigned
Signing run across all unsigned packages then import into koji:

~/.sigul/sigulsign_unsigned.py -v --tag=f18-rpfr --inherit --write-all pidora-18

Sign a single package and import into koji:

~/.sigul.sigulsign_unsigned.py -v pidora-18 [n-v-r]

Manually signing packages without sigulsign_unsigned
It’s much easier to use sigulsign_unsigned.py, but if you must sign it manually… To manually sign a single package without sigulsign_unsigned.py you will need to run a few commands. First, sign the rpm and output the signed file:

sigul sign-rpm -o output-sign-rpm-file.rpm pidora-18 unsigned-rpm-file.rpm

Next, import the signature into koji:

koji import-sig signed-rpm-file.rpm

Finally, write the signed rpm to koji: (Make sure it matches the n-v-r exactly as in koji, good way to check is by looking at the directory structure in /mnt/koji/packages)

koji write-signed-rpm f1590cd5 n-v-r

Problems?
If you are running into errors trying to sign a package, check out 2 of my upcoming posts:
Sigul troubleshooting
Sigul client setup

Advertisements

About oatleywillisa

Computer Networking Student
This entry was posted in SBR600 and tagged , , , , , , , , , , , . Bookmark the permalink.

2 Responses to Sigul – How to Sign

  1. Pingback: Sigul – Setting up a Sigul Client | Andrew Oatley-Willis

  2. Pingback: Sigul – Connecting to server/bridge | Andrew Oatley-Willis

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s