...
- Sign packages
On Debian systems create the signature for the top-level Release fil
Code Block gpg -u <you key ID> -ab o Release.gpg Release
On RPM-bases distros create ~/.rpmmacors files (due to a bug, RPM can not use DSA keys longer than 1024 bytes, so you better use a buggy RSA for that)
Code Block % cat > ~/.rpmmacros <<_EOF %_signature gpg %_gpg_name <you signing key ID> _EOF % rpmsign --resign [fedora,centos,opensuse,sles]/*/x86_64/**/**/*rpm # recreate the repos % for r in fedora centos opensuse sles; do pushd; cd $r; createrepo -v *; popd; done
Sign *.repo and *list files
Code Block % gpg --sign -u <you key ID> -a [fedora,redhat,opensuse,sles]/*/x86_64/**/bigtop.[repo,list]
Sync signed packages to bigtop.s3.amazonaws.com (ask a previous release manager about the details and credentials). Be aware: just sync apt/ directory for *.deb distributions, otherwise you'll copy two versions of the packages.
Commit the repo files to the svn next to the X.Y.Z release sources (ToDo)
...