diff --git a/modules/sysadmin_guide/nav.adoc b/modules/sysadmin_guide/nav.adoc index ad361a7..a90e549 100644 --- a/modules/sysadmin_guide/nav.adoc +++ b/modules/sysadmin_guide/nav.adoc @@ -87,7 +87,7 @@ ** xref:packagereview.adoc[Package Review - SOP] ** xref:pagure.adoc[Pagure Infrastructure - SOP] ** xref:pdc.adoc[PDC - SOP] -** xref:pesign-upgrade.adoc[pesign-upgrade - SOP in review ] +** xref:pesign-upgrade.adoc[Pesign upgrades/reboots - SOP] ** xref:planetsubgroup.adoc[planetsubgroup - SOP in review ] ** xref:publictest-dev-stg-production.adoc[publictest-dev-stg-production - SOP in review ] ** xref:rabbitmq.adoc[rabbitmq - SOP in review ] diff --git a/modules/sysadmin_guide/pages/pesign-upgrade.adoc b/modules/sysadmin_guide/pages/pesign-upgrade.adoc index a86f0f3..ab5d539 100644 --- a/modules/sysadmin_guide/pages/pesign-upgrade.adoc +++ b/modules/sysadmin_guide/pages/pesign-upgrade.adoc @@ -2,7 +2,7 @@ Fedora has (currently) 2 special builders. These builders are used to build a small set of packages that need to be signed for secure boot. -These packages include: grub2, shim, kernel, pesign-test-app +These packages include: _grub2_, _shim_, _kernel_, _pesign-test-app_ When rebooting or upgrading pesign on these machines, you have to follow a special process to unlock the signing keys. @@ -20,15 +20,15 @@ Purpose:: == Procedure -{empty}0. Coordinate with pesign maintainers or pesign-test-app +[arabic] +. Coordinate with pesign maintainers or _pesign-test-app_ commiters as well as releng folks that have the pin to unlock the signing key. -[arabic] -. remove builder from koji: +. Remove builder from koji: + .... -koji disable-host bkernel01.phx2.fedoraproject.org +koji disable-host bkernel01.iad2.fedoraproject.org .... . Make sure all builds have completed. . Stop existing processes: @@ -54,8 +54,8 @@ pesign-client -t "OpenSC Card (Fedora Signer)" -u remove other builder: + .... -koji enable-host bkernel01.phx2.fedoraproject.org -koji disable-host bkernel02.phx2.fedoraproject.org +koji enable-host bkernel01.iad2.fedoraproject.org +koji disable-host bkernel02.iad2.fedoraproject.org .... . Have a commiter send a build of pesign-test-app and make sure it's signed correctly.