ensure things are properly signed before uploading to stage #425
Conversation
evgeni
force-pushed
the
ensure-everything-signed
branch
from
52e1104 to
72ee6e0
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
settings
Dismissed
| @@ -67,6 +68,7 @@ | |||
| RPM_PACKAGES=() | |||
| PACKAGING_PR=${PACKAGING_PR:-true} | |||
| GPG_EXPIRE="1y" | |||
| STAGE_LOCAL_BASE="tmp/$PROJECT/$VERSION" | |||
Check warning
Code scanning / shellcheck
YUM_HOSTS appears unused. Verify use (or export if used externally). Warning
There was a problem hiding this comment.
we could also use RPMDIR (which is currently unused) here… questions and choices.
@ehelms do you recall why tmp/ was used vs the previously existing path?
There was a problem hiding this comment.
I suspect it was previously used by the other script and @ehelms didn't want to conflict with it, but now that koji is cleaned up it's an unused variable. When I introduced it, it made sense to me to store it in the release itself.
There was a problem hiding this comment.
@ehelms do you recall why
tmp/was used vs the previously existing path?
What previously existing path? I was the first to introduce the notion of generating staging repositories locally :)
There was a problem hiding this comment.
But not the first one who had to download rpms, sign them and upload the signatures, which we did in RPMDIR
There was a problem hiding this comment.
Fair. My motivation was that I wanted the generation of the repositories to be co-located, easy to clean up and to mimic the structure they would have on the staging repository server to allow easier testing and verification of them.
There was a problem hiding this comment.
Aye. It's probably fine being in tmp and thrown away later. Probably bit if cleanup we can perform later.
evgeni
force-pushed
the
ensure-everything-signed
branch
from
8e99616 to
8f5db87
Compare
No description provided.