You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Copying from #2986, which focused on upload-time signing:
[praiskup]
I'm afraid there will be a need for after-upload (re)signing, at least from time to time. We did a mass resign before, and resigning is quite common for Koji. Also, for example there's a Copr related problem with rpm && "prolonged" signing keys
(we have to solve this somehow, and we are not quite sure what to do right now, re-signing is one of the options)
[bersace]
We would like to resign package from remote as well as after upload. We may also want to resign because we updated the signing key. (#2986 (comment))
Describe the solution you'd like
Be able to sign RPM packages after they are already in Pulp.
Describe alternatives you've considered
Ask people to get an RPM from Pulp and do a on-upload signature (inefficient).
Additional context
Some context and useful discussion can be found in #2986
General notes:
It'll require that the whole artifact is downloaded and re-uploaded from storage.
A new artifact will be produced and the old is not automatically destroyed.
We cant easily tell if a pulp package is signed in the first place
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
Copying from #2986, which focused on upload-time signing:
Describe the solution you'd like
Be able to sign RPM packages after they are already in Pulp.
Describe alternatives you've considered
Ask people to get an RPM from Pulp and do a on-upload signature (inefficient).
Additional context
Some context and useful discussion can be found in #2986
General notes:
The text was updated successfully, but these errors were encountered: