Now that ostree metadata is signed we should start configuring our media so that the resulting systems verify signatures with something like this:
# cat /etc/ostree/remotes.d/fedora-atomic.conf [remote "fedora-atomic"] url=https://dl.fedoraproject.org/pub/fedora/linux/atomic/25/ gpg-verify=true gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-25-primary
Are there any issues that need to be resolved first?
It would be great if this bug got resolved before we enabled this: https://github.com/projectatomic/rpm-ostree/issues/630
Metadata Update from @dustymabe: - Issue tagged with: host
going to make this a goal for f26 since that is almost here anyway.
Metadata Update from @dustymabe: - Issue tagged with: F26
Metadata Update from @dustymabe: - Issue assigned to dustymabe
we'll do this for f26 after alpha freeze when we can get patrick to sign all of the commits in the repo.
Let's try to do rawhide first?
Good idea I'll send in some PRs for that.
signatures don't seem to be in place for rawhide. will have to get @puiterwijk to look at it.
Sent in a patch to get this working for rawhide:
those patches are now merged
i'd still like to get a new ostree release out so I can get the fix for this issue in: https://github.com/projectatomic/rpm-ostree/issues/630
this is done - images from last night look good.
https://pagure.io/fedora-lorax-templates/pull-request/23 https://pagure.io/fedora-kickstarts/pull-request/250
Metadata Update from @dustymabe: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.