Mailinglist Archive: opensuse-buildservice (132 mails)

< Previous Next >
Re: [opensuse-buildservice] Exporting OBS Package Signing Key
On Freitag, 30. Januar 2015, 08:41:57 wrote Nick Walter:
Hi, hoping somebody on the list can help me with a problem I'm trying to
solve.

I am currently using OBS to build RPMs for a variety of architectures
I need to support. However, I also have some RPMs that are built by
Jenkins. Ideally, I would like to be able to have the packages built
by Jenkins signed using the private GPG key in use under OBS and
collect them under a single YUM repo. I have found what I believe to
be the signing (private GPG) key on OBS:

/obs/projects/<my-project>/_signkey

However, it is not in the format I expected (i.e. with a '-----BEGIN
PGP PRIVATE KEY BLOCK-----' header followed by a chunk of base64; it
is simply a long string of hexadecimal chars. So, this has left me
with two questions:

1. Is this indeed the OBS key used to sign my RPMs under this project?

yes, but it is encrypted itself with the OBS master key. (allows to
keep the master key on a special protected system, but you can still
backup the backend server with the keys).

2. If so, how can I export this _signkey to a GPG format I can use
with rpm --addsign?

decrypt it with your instance master key

--

Adrian Schroeter
email: adrian@xxxxxxx

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip
Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany


--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
References