davidlt
/
fedora-kickstarts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

atomic: enable gpg verification after install 

Taking the first step towards enabling gpg verification for our
users we'll make it so that the media they download will verify
gpg signatures of commits by default.

The next step is to enable gpg verification during install as well
but there is a race condition where the commit that was just created
might not yet be signed. See [1] for more details.

[1] https://pagure.io/pungi/issue/650
This commit is contained in:
Dusty Mabe 2017-06-23 08:40:55 -04:00
parent 75a71d5aa4
commit 467f7dcb3c
No known key found for this signature in database
GPG Key ID: 3302DBD73952E671
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fedora-atomic.ks
View File

@ -42,7 +42,7 @@ reboot
# This location is where the compose gets synced to after the compose
# is done.
ostree remote delete fedora-atomic
ostree remote add --set=gpg-verify=false fedora-atomic 'https://kojipkgs.fedoraproject.org/atomic/rawhide/'
ostree remote add --set=gpg-verify=true --set=gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-27-primary fedora-atomic 'https://kojipkgs.fedoraproject.org/atomic/rawhide/'
# older versions of livecd-tools do not follow "rootpw --lock" line above
# https://bugzilla.redhat.com/show_bug.cgi?id=964299