From 0c85e549e21d925726a394b13015790ce7ad821a Mon Sep 17 00:00:00 2001 From: Tomas Mlcoch Date: Tue, 16 Feb 2016 12:54:28 +0100 Subject: [PATCH] Add documentation for signing support that was added by previous commit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomáš Mlčoch --- doc/configuration.rst | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/doc/configuration.rst b/doc/configuration.rst index 62173706..47f7692b 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst 
@@ -252,6 +252,43 @@ Example } +Signing +======= + +If you want to sign deliverables generated during pungi run like RPM wrapped +images. You must provide few configuration options: + +**signing_command** [optional] + (*str*) -- Command that will be run with a koji build as a single + argument. This command must not require any user interaction. + If you need to pass a password for a signing key to the command, + do this via command line option of the command and use string + formatting syntax ``%(signing_key_password)s``. + (See **signing_key_password_file**). + +**signing_key_id** [optional] + (*str*) -- ID of the key that will be used for the signing. + This ID will be used when crafting koji paths to signed files + (``kojipkgs.fedoraproject.org/packages/NAME/VER/REL/data/signed/KEYID/..``). + +**signing_key_password_file** [optional] + (*str*) -- Path to a file with password that will be formatted + into **signing_command** string via ``%(signing_key_password)s`` + string format syntax (if used). + Because pungi config is usualy stored in git and is part of compose + logs we don't want password to be included directly in the config. + Note: If ``-`` string is used instead of a filename, then you will be asked + for the password interactivelly right after pungi starts. + +Example +------- +:: + + signing_command = '~/git/releng/scripts/sigulsign_unsigned.py -vv --password=%(signing_key_password)s fedora-24' + signing_key_id = '81b46521' + signing_key_password_file = '~/password_for_fedora-24_key' + + Createrepo Settings =================== @@ -650,6 +687,7 @@ Live Images Settings * ``type`` (*str*) -- what kind of task to start in Koji. Defaults to ``live`` meaning ``koji spin-livecd`` will be used. Alternative option is ``appliance`` corresponding to ``koji spin-appliance``. + * ``sign`` (*bool*) -- only RPM-wrapped images can be signed Live Media Settings ===================
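Review bot: In the Signing hunk, the **signing_command** text tells users to pass the key password as a command line option (``--password=%(signing_key_password)s`` in the example), which makes the password visible to other local users through the process list for as long as the command runs, and it would also end up in compose logs if the formatted command is ever logged. The **signing_key_password_file** paragraph already says the password must stay out of the config because the config lands in git and in compose logs, so the documentation should state the same requirement for the formatted command and say that the password file should be readable only by the user running pungi. If the signing tool can read the password from stdin or from a file, document that as the preferred form. Smaller points in the same hunk: the intro is split into a fragment ("If you want to sign deliverables ... like RPM wrapped images. You must provide few configuration options:") and says "must" while all three options are marked [optional], so say which options are required once signing is wanted; "usualy" and "interactivelly" are misspelled.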
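Review bot: In the Live Images Settings hunk, the new ``sign`` entry states only a restriction ("only RPM-wrapped images can be signed") and never says what the option does. Please describe the behaviour when it is true, give the default as the neighbouring ``type`` entry does, say what happens when ``sign`` is set for an image that is not RPM-wrapped, and point to the Signing section, since the option presumably has no effect unless **signing_command** and **signing_key_id** are configured.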