Sigul – How to Sign

How to Sign Packages
This post is to explain the process of signing packages on sigul with a sigul client and how to test your configuration. To setup clients and troubleshoot problems check my other posts:
Sigul Client Setup
Connection to Sigul Server/Bridge
Sigul Problems and Troubleshooting

Sigul passwords/passphrases
First step is to change your passwords, if someone else set them up.
Change sigul admin password:

sigul modify-user --change-password username

Change sigul passphrase: (Replace pidora-18 with your key name)

sigul change-passphrase pidora-18

Setup FAS2 account and koji
Next if you are planning to use, then you will need to run the command:


This will bring in your FAS2 certs. Then setup koji on this account like you normally would.
For armv6 build and using japan:

Testing sigul and koji
Now we will start signing packages. To test that sigul is working try a command like listing the users:

sigul -v -v list-user

And then try a command to see if you have access to your key:

sigul get-public-key pidora-18

Finally try using koji with a task. (Also make sure you are a admin in koji)

armv6-koji list-hosts

If all of these are successful, then you are ready to use

Signing packages with sigulsign_unsigned
Signing run across all unsigned packages then import into koji:

~/.sigul/ -v --tag=f18-rpfr --inherit --write-all pidora-18

Sign a single package and import into koji:

~/ -v pidora-18 [n-v-r]

Manually signing packages without sigulsign_unsigned
It’s much easier to use, but if you must sign it manually… To manually sign a single package without you will need to run a few commands. First, sign the rpm and output the signed file:

sigul sign-rpm -o output-sign-rpm-file.rpm pidora-18 unsigned-rpm-file.rpm

Next, import the signature into koji:

koji import-sig signed-rpm-file.rpm

Finally, write the signed rpm to koji: (Make sure it matches the n-v-r exactly as in koji, good way to check is by looking at the directory structure in /mnt/koji/packages)

koji write-signed-rpm f1590cd5 n-v-r

If you are running into errors trying to sign a package, check out 2 of my upcoming posts:
Sigul troubleshooting
Sigul client setup


About oatleywillisa

Computer Networking Student
This entry was posted in SBR600 and tagged , , , , , , , , , , , . Bookmark the permalink.

2 Responses to Sigul – How to Sign

  1. Pingback: Sigul – Setting up a Sigul Client | Andrew Oatley-Willis

  2. Pingback: Sigul – Connecting to server/bridge | Andrew Oatley-Willis

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s