From b8a4eda79ed3a80fd3811dd7ee217c7c7f38bcfd Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Wed, 27 Jul 2022 10:02:01 -0700
Subject: [PATCH] robosignatory: ima sign side tags, infra tag, modular tags and pending
Signed-off-by: Kevin Fenzi
---
 .../templates/robosignatory.toml.j2 | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/roles/robosignatory/templates/robosignatory.toml.j2 b/roles/robosignatory/templates/robosignatory.toml.j2
index 59e151280f..2264dc1fb6 100644
--- a/roles/robosignatory/templates/robosignatory.toml.j2
+++ b/roles/robosignatory/templates/robosignatory.toml.j2
@@ -124,6 +124,10 @@ handlers = ["console"]
 to = "f37-infra-stg"
 key = "{{ (env == 'production')|ternary('fedora-infra', 'testkey') }}"
 keyid = "{{ (env == 'production')|ternary('47dd8ef9', 'd300e724') }}"
+ {% if env == "production" %}
+ # ima file signing - enabled in f37
+ file_signing_key = "fedora-37-ima"
+ {% endif %}
 # Gated coreos-pool tag
@@ -162,12 +166,20 @@ handlers = ["console"]
 from = '-signing-pending'
 to = '-testing-pending'
 trusted_taggers = ['bodhi']
+ {% if env == "production" %}
+ # ima file signing - enabled in f37
+ file_signing_key = "fedora-37-ima"
+ {% endif %}
 [[consumer_config.koji_instances.primary.tags]]
 from = "f37-pending"
 to = "f37"
 key = "{{ (env == 'production')|ternary('fedora-37', 'testkey') }}"
 keyid = "{{ (env == 'production')|ternary('5323552a', 'd300e724') }}"
+ {% if env == "production" %}
+ # ima file signing - enabled in f37
+ file_signing_key = "fedora-37-ima"
+ {% endif %}
 [[consumer_config.koji_instances.primary.tags]]
 from = "f37-modular-pending"
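Review bot: The added `file_signing_key = "fedora-37-ima"` on the `f37-infra-stg` entry uses the release IMA key, while the RPM signature on the same entry uses the separate `fedora-infra` key, so the key separation kept for package signatures is not carried over to file signatures. If that is deliberate, say so next to the line, e.g. `# infra builds intentionally share the f37 release IMA key`; otherwise an IMA policy that trusts this key cannot tell infra-only builds from release content. The `{% if env == "production" %}` guard also means staging renders no `file_signing_key` at all, unlike `key`/`keyid`, which fall back to a test key, so this path is first exercised in production (the same holds for the hunks at 166 and 363). The tag entry itself starts above the hunk.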
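Review bot: The `f37-modular-pending` entry at the end of this hunk (166) receives no `file_signing_key`, although the subject line lists modular tags; the 16 insertions in the diffstat are fully accounted for by the four blocks on the infra, side-tag, `f37-pending` and `f37-openh264` entries. Either add the same guarded block to the modular entry or adjust the subject so the log matches what is actually signed. That entry continues past the hunk, and the side-tag entry (`from = '-signing-pending'`) starts above it, so its release scope cannot be confirmed from here.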
@@ -351,8 +363,11 @@ handlers = ["console"] to = "f37-openh264" key = "{{ (env == 'production')|ternary('fedora-37', 'testkey') }}" keyid = "{{ (env == 'production')|ternary('5323552a', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-37-ima" + {% endif %} - [[consumer_config.koji_instances.primary.tags]] from = "f36-openh264" to = "f36-openh264"
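Review bot: The single deletion in this patch sits directly in front of the `[[consumer_config.koji_instances.primary.tags]]` header of the `f36-openh264` entry, and in this rendering it is not clear whether the removed line is a blank separator or the header itself. If the header were removed, the `from`/`to` keys for `f36-openh264` would fall into the `f37-openh264` table and repeat its keys, which TOML rejects; most likely only a blank line went away, leaving `{% endif %}` directly against the next header. Keeping a blank line after `{% endif %}` and parsing the rendered template for both values of `env` before deploying would settle it.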