I have GnuPG with Thales HSM installed on a system to be my dedicated signing server. I can "rpm -addsign PACKAGE.rpm" and it is signed as expected. I believe that I need to copy the OBS /usr/sbin/signd and /etc/systemd/system/multi-user.target.wants/obssignd.service to this system. I'm not sure how to configure obssignd.service or /etc/signd.conf to simply use my enhanced rpm without it trying to do its own private key management/configuration. Am I on the right track?
I suspect that I need to use "--project" for calling /usr/sbin/signd from obssignd.service