On Fri, Jan 30, 2015 at 09:56:28AM +0100, Adrian Schröter wrote:
On Freitag, 30. Januar 2015, 08:41:57 wrote Nick Walter:
Hi, hoping somebody on the list can help me with a problem I'm trying to solve.
I am currently using OBS to build RPMs for a variety of architectures I need to support. However, I also have some RPMs that are built by Jenkins. Ideally, I would like to be able to have the packages built by Jenkins signed using the private GPG key in use under OBS and collect them under a single YUM repo. I have found what I believe to be the signing (private GPG) key on OBS:
/obs/projects/<my-project>/_signkey
However, it is not in the format I expected (i.e. with a '-----BEGIN PGP PRIVATE KEY BLOCK-----' header followed by a chunk of base64; it is simply a long string of hexadecimal chars. So, this has left me with two questions:
1. Is this indeed the OBS key used to sign my RPMs under this project?
yes, but it is encrypted itself with the OBS master key. (allows to keep the master key on a special protected system, but you can still backup the backend server with the keys).
2. If so, how can I export this _signkey to a GPG format I can use with rpm --addsign?
decrypt it with your instance master key
You could also use the OBS sign binary instead of rpm --addsign. Cheers, Michael -- Michael Schroeder mls@suse.de SUSE LINUX GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org