From 100c9b484dabfc9e3a2875e8366b6908852b717c Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Thu, 8 Feb 2024 15:18:44 -0800
Subject: [PATCH] robosignatory: resign f40 tagged packages with f41 key

This is to prep for branching next week. We want to set this so we can tell robosgnatory to resign all the f40 tagged packages with f41. Also, newly tagged packages will also be signed, so by the time we branch everything should be signed for both branched (f40) and new rawhide (f41).

Signed-off-by: Kevin Fenzi
---
 roles/robosignatory/templates/robosignatory.toml.j2 | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/roles/robosignatory/templates/robosignatory.toml.j2 b/roles/robosignatory/templates/robosignatory.toml.j2
index 0fa30e8847..756046a3ea 100644
--- a/roles/robosignatory/templates/robosignatory.toml.j2
+++ b/roles/robosignatory/templates/robosignatory.toml.j2
@@ -408,7 +408,7 @@ handlers = ["console"]
 # ima file signing - enabled in f37
 file_signing_key = "fedora-38-ima"
 {% endif %}
-
+
 # f38 resigning
 [[consumer_config.koji_instances.primary.tags]]
 from = "f38"
@@ -433,6 +433,14 @@ handlers = ["console"]
 keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}"
 file_signing_key = "fedora-39-ima"
+ # resigning f40 builds with f41 key before branching. Remove after branching.
+ [[consumer_config.koji_instances.primary.tags]]
+ from = "f40"
+ to = "f40"
+ key = "{{ (env == 'production')|ternary('fedora-41', 'testkey') }}"
+ keyid = "{{ (env == 'production')|ternary('2e99d6ad1', 'd300e724') }}"
+ file_signing_key = "fedora-41-ima"
+
 # F40 Mass Rebuild
 [[consumer_config.koji_instances.primary.tags]]
 from = "f40-rebuild"
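Review bot: The production `keyid` in the added f40 block, `2e99d6ad1`, is nine hex digits, while the other key ids visible in this hunk (`18B8e74c`, `d300e724`) are eight, so it looks like a stray character slipped in. If robosignatory compares this value with the key id carried in the package signature (inferred; the consumer is not part of this diff), the f40 resign pass would fail to match or record the f41 signatures, and the gap would only surface at branching time. Check the value against the fingerprint of the `fedora-41` key and correct the line, e.g. `keyid = "{{ (env == 'production')|ternary('<fedora-41 short key id, 8 hex digits>', 'd300e724') }}"`. Since the block is marked "Remove after branching", a short comment naming the ticket or date that tracks its removal would help keep a temporary signing rule from lingering.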