atomic: enable gpg verification after install
Taking the first step towards enabling gpg verification for our users we'll make it so that the media they download will verify gpg signatures of commits by default. The next step is to enable gpg verification during install as well but there is a race condition where the commit that was just created might not yet be signed. See [1] for more details. [1] https://pagure.io/pungi/issue/650
This commit is contained in:
parent
75a71d5aa4
commit
467f7dcb3c
@ -42,7 +42,7 @@ reboot
|
|||||||
# This location is where the compose gets synced to after the compose
|
# This location is where the compose gets synced to after the compose
|
||||||
# is done.
|
# is done.
|
||||||
ostree remote delete fedora-atomic
|
ostree remote delete fedora-atomic
|
||||||
ostree remote add --set=gpg-verify=false fedora-atomic 'https://kojipkgs.fedoraproject.org/atomic/rawhide/'
|
ostree remote add --set=gpg-verify=true --set=gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-27-primary fedora-atomic 'https://kojipkgs.fedoraproject.org/atomic/rawhide/'
|
||||||
|
|
||||||
# older versions of livecd-tools do not follow "rootpw --lock" line above
|
# older versions of livecd-tools do not follow "rootpw --lock" line above
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=964299
|
# https://bugzilla.redhat.com/show_bug.cgi?id=964299
|
||||||
|
Loading…
Reference in New Issue
Block a user