From 3c02bf385d5f4deb94e77ebbc9526e676c214502 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 23 Aug 2017 17:44:58 -0400 Subject: [PATCH] atomic: re-enable ostree commit gpg checking In d57f0a2 we managed to lose enablement of gpg signature checking in Fedora Atomic Host. Re-enable it now. --- fedora-atomic.ks | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fedora-atomic.ks b/fedora-atomic.ks index 0fc966b..3356b88 100644 --- a/fedora-atomic.ks +++ b/fedora-atomic.ks @@ -48,6 +48,10 @@ ostree refs fedora-atomic:fedora/26/x86_64/updates/atomic-host --create fedora-a # cleaned up. ostree refs fedora-atomic:fedora/26/x86_64/updates/atomic-host --delete +# delete/add the remote with new options to enable gpg verification +ostree remote delete fedora-atomic +ostree remote add --set=gpg-verify=true --set=gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-26-primary fedora-atomic 'https://kojipkgs.fedoraproject.org/atomic/26/' + # older versions of livecd-tools do not follow "rootpw --lock" line above # https://bugzilla.redhat.com/show_bug.cgi?id=964299 passwd -l root