Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

robosignatory: ima sign side tags, infra tag, modular tags and pending

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2022-07-27 10:02:01 -07:00
parent 9ddd3e2e6d
commit b8a4eda79e
1 changed files with 16 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
roles/robosignatory/templates/robosignatory.toml.j2
View file

@ -124,6 +124,10 @@ handlers = ["console"]
to = "f37-infra-stg"
key = "{{ (env == 'production')|ternary('fedora-infra', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('47dd8ef9', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-37-ima"
{% endif %}
# Gated coreos-pool tag
@ -162,12 +166,20 @@ handlers = ["console"]
from = '<sidetag>-signing-pending'
to = '<sidetag>-testing-pending'
trusted_taggers = ['bodhi']
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-37-ima"
{% endif %}
[[consumer_config.koji_instances.primary.tags]]
from = "f37-pending"
to = "f37"
key = "{{ (env == 'production')|ternary('fedora-37', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('5323552a', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-37-ima"
{% endif %}
[[consumer_config.koji_instances.primary.tags]]
from = "f37-modular-pending"
@ -351,8 +363,11 @@ handlers = ["console"]
to = "f37-openh264"
key = "{{ (env == 'production')|ternary('fedora-37', 'testkey') }}"
keyid = "{{ (env == 'production')|ternary('5323552a', 'd300e724') }}"
{% if env == "production" %}
# ima file signing - enabled in f37
file_signing_key = "fedora-37-ima"
{% endif %}
[[consumer_config.koji_instances.primary.tags]]
from = "f36-openh264"
to = "f36-openh264"