diff --git a/roles/robosignatory/templates/robosignatory.toml.j2 b/roles/robosignatory/templates/robosignatory.toml.j2 index 3ff27e6af6..638059f59d 100644 --- a/roles/robosignatory/templates/robosignatory.toml.j2 +++ b/roles/robosignatory/templates/robosignatory.toml.j2 @@ -137,7 +137,7 @@ handlers = ["console"] from = "f39-infra-candidate" to = "f39-infra-stg" key = "{{ (env == 'production')|ternary('fedora-infra', 'testkey') }}" - keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}" + keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}" {% if env == "production" %} # ima file signing - enabled in f37 file_signing_key = "fedora-39-ima" @@ -175,7 +175,7 @@ handlers = ["console"] from = "f39-coreos-signing-pending" to = "coreos-pool" key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" - keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}" + keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}" {% if env == "production" %} # ima file signing - enabled in f37 file_signing_key = "fedora-39-ima" @@ -187,7 +187,7 @@ handlers = ["console"] from = "f39-signing-pending" to = "f39-updates-testing-pending" key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" - keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}" + keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}" {% if env == "production" %} # ima file signing - enabled in f37 file_signing_key = "fedora-39-ima" @@ -207,7 +207,7 @@ handlers = ["console"] from = "f39-pending" to = "f39" key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" - keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}" + keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}" {% if env == "production" %} # ima file signing - enabled in f37 file_signing_key = "fedora-39-ima" @@ -217,14 +217,14 @@ handlers = ["console"] from = "f39-modular-pending" to = "f39-modular" key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" - keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}" + keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}" type = "modular" [[consumer_config.koji_instances.primary.tags]] from = "f39-modular-updates-candidate" to = "f39-modular" key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" - keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}" + keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}" type = "modular" [[consumer_config.koji_instances.primary.tags]] @@ -241,35 +241,35 @@ handlers = ["console"] keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}" type = "modular" - #[[consumer_config.koji_instances.primary.tags]] - #from = "f37-signing-pending" - #to = "f37-updates-testing-pending" - #key = "{{ (env == 'production')|ternary('fedora-37', 'testkey') }}" - #keyid = "{{ (env == 'production')|ternary('5323552a', 'd300e724') }}" - #{% if env == "production" %} - ## ima file signing - disable for now per fesco - #file_signing_key = "fedora-37-ima" - #{% endif %} + [[consumer_config.koji_instances.primary.tags]] + from = "f37-signing-pending" + to = "f37-updates-testing-pending" + key = "{{ (env == 'production')|ternary('fedora-37', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('5323552a', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - disable for now per fesco + file_signing_key = "fedora-37-ima" + {% endif %} - #[consumer_config.koji_instances.primary.tags.sidetags] - #pattern = 'f37-build-side-' - #from = '-signing-pending' - #to = '-testing-pending' - #trusted_taggers = ['bodhi'] - #{% if env == "production" %} - ## ima file signing - disable for now per fesco - #file_signing_key = "fedora-37-ima" - #{% endif %} + [consumer_config.koji_instances.primary.tags.sidetags] + pattern = 'f37-build-side-' + from = '-signing-pending' + to = '-testing-pending' + trusted_taggers = ['bodhi'] + {% if env == "production" %} + # ima file signing - disable for now per fesco + file_signing_key = "fedora-37-ima" + {% endif %} - #[[consumer_config.koji_instances.primary.tags]] - #from = "f37-pending" - #to = "f37" - #key = "{{ (env == 'production')|ternary('fedora-37', 'testkey') }}" - #keyid = "{{ (env == 'production')|ternary('5323552a', 'd300e724') }}" - #{% if env == "production" %} - ## ima file signing - disable for now per fesco - #file_signing_key = "fedora-37-ima" - #{% endif %} + [[consumer_config.koji_instances.primary.tags]] + from = "f37-pending" + to = "f37" + key = "{{ (env == 'production')|ternary('fedora-37', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('5323552a', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - disable for now per fesco + file_signing_key = "fedora-37-ima" + {% endif %} [[consumer_config.koji_instances.primary.tags]] from = "f37-modular-pending" @@ -435,7 +435,7 @@ handlers = ["console"] from = "f39-openh264" to = "f39-openh264" key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" - keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}" + keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}" {% if env == "production" %} # ima file signing - enabled in f37 file_signing_key = "fedora-39-ima"