forked from srbala/fedora-kickstarts
atomic: enable gpg verification after install
Taking the first step towards enabling gpg verification for our
users we'll make it so that the media they download will verify
gpg signatures of commits by default.
The next step is to enable gpg verification during install as well
but there is a race condition where the commit that was just created
might not yet be signed. See [1] for more details.
[1] https://pagure.io/pungi/issue/650
(cherry picked from commit 467f7dcb3c
)
This commit is contained in:
parent
ead98e05d6
commit
7760932d53
@ -41,7 +41,7 @@ reboot
|
|||||||
# temporary "dev" repo url above. We want to change the remote
|
# temporary "dev" repo url above. We want to change the remote
|
||||||
# we use to match where the repo will live for the entirety of f26.
|
# we use to match where the repo will live for the entirety of f26.
|
||||||
ostree remote delete fedora-atomic
|
ostree remote delete fedora-atomic
|
||||||
ostree remote add --set=gpg-verify=false fedora-atomic 'https://kojipkgs.fedoraproject.org/atomic/26/'
|
ostree remote add --set=gpg-verify=true --set=gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-26-primary fedora-atomic 'https://kojipkgs.fedoraproject.org/atomic/26/'
|
||||||
|
|
||||||
# older versions of livecd-tools do not follow "rootpw --lock" line above
|
# older versions of livecd-tools do not follow "rootpw --lock" line above
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=964299
|
# https://bugzilla.redhat.com/show_bug.cgi?id=964299
|
||||||
|
Loading…
Reference in New Issue
Block a user