rpms/fedora-repos
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:f43
rpms:main
rpms:f41
rpms:f42
rpms:f40
rpms:f39
rpms:f37
rpms:f38
rpms:f36
rpms:rpm-import-check
rpms:f35
rpms:f33
rpms:f34
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:f28
rpms:f27
rpms:f28-source-merge-2
rpms:f26
rpms:f25
rpms:f24
rpms:f23
rpms:f22
rpms:f21
...
pull from: rpms:f39
Branches Tags
rpms:f43
rpms:main
rpms:rawhide
rpms:f41
rpms:f42
rpms:f40
rpms:f39
rpms:f37
rpms:f38
rpms:f36
rpms:rpm-import-check
rpms:f35
rpms:f33
rpms:f34
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:f28
rpms:f27
rpms:f28-source-merge-2
rpms:f26
rpms:f25
rpms:f24
rpms:f23
rpms:f22
rpms:f21
Sign in to create a new pull request.

8 commits
rawhide ... f39

Author SHA1 Message Date
Samyak Jain
e3102d06f8 Add Fedora 42/43 key 
Signed-off-by: Samyak Jain <samyak.jn11@gmail.com>
 2024-08-20 13:04:19 +05:30
Coiby Xu
a95b7212cb Add IMA certs 
Add Fedora IMA certs,
 - The code-signing keys /etc/keys/ima/* are supposed to be read by the
   dracut integrity module and other user space tools
 - The CA key /usr/share/ima/ca.der is supposed to be built into the
   kernel

Note the dracut integrity module only reads a DER cert and will error if
given other formats,
    Failed to d2i_X509_fp key file: /sysroot/etc/keys/ima/fedora-39-ima.pem
    openssl: error:068000A8:asn1 encoding routines::wrong tag
    openssl: error:0688010A:asn1 encoding routines::nested asn1 error

Signed-off-by: Coiby Xu <coxu@redhat.com>
 2024-05-23 08:52:54 +08:00
Kevin Fenzi
ef3f69ff38 Disable updates_testing for release 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-10-06 11:57:02 -07:00
Tomas Hrcka
4548ca4bbe Enable updates-testing repository 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2023-09-06 09:27:57 +02:00
Tomas Hrcka
5526f59216 Add archmap for f41 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2023-08-08 20:37:33 +02:00
Tomas Hrcka
2e0319b26f Add source with f41 key 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2023-08-08 20:27:49 +02:00
Samyak Jain
57d6b535d6 Add fedora 41 key 
Signed-off-by: Samyak Jain <samyak.jn11@gmail.com>
 2023-08-08 22:04:46 +05:30
Samyak Jain
724c961a79 Fedora 39 branched from rawhide 
Signed-off-by: Samyak Jain <samyak.jn11@gmail.com>
 2023-08-08 20:21:13 +05:30
10 changed files with 131 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

29
RPM-GPG-KEY-fedora-41-primary Normal file
View file

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGTSYSwBEACTHP7OFONk+1B1awJeYToUFMVbYZIjNvj9M7zwf5vzH52FlpXX
dsbs1AWh6NUe0zV1J5JjCGiI24Vjacysg7L2zsbgT48vVv3mXrXorjYOzT/cxsAh
7PNhEx+OevKzAx3oy0Ok27c11Dz0W4ynwVy80gB6XHI2rd04v74TiC0xQYlxj1Sh
j6irdLmHMD/NtTCWmCM7MRf91UcC4rk6JOap715UKey2fk1h/wylv0guMP3o+CpG
jxDHENkfl/GsWCSYBaHec7o5/qg5RoAkN5NImVI00CqiEO1WHPBaCJalgwbuQCiW
006jwVDHJHRoufS85PEKaY9yqd5Fr76kdqCLsf3Ys9yxGVfOTvCaKOa+ElWBo+i6
yOtEO6Qp1Qd5spomBJ+FVPjU89lR9aDnvxIVX7X6zu638qV0K3Lb2HKmqiVG6ccJ
IdxNVXJAekvu7ypwvRzEc0mGgfkZ47flaj7X8SxiebbXhYWdqRBF0rMYc7ppkbCp
5NsD+KJilkfeOGb7VK6Rx5vXmySiNCb9GqN51KRl4Z1qllrc/Q1k5CCMt3AUq0hv
1fwK3eFGtd4/YgF9LoZ0tW8WFZ6h/zWnRvJ/SDBPhtovoSpxptCd18MWiakwvwW0
sxueKFlctdDjW1a/gri3V4RdTOZbr0AqDjGGcYndt/oxMeLxaK9qvs2xIQARAQAB
tDFGZWRvcmEgKDQxKSA8ZmVkb3JhLTQxLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQJOBBMBCAA4FiEERmzy2LYLwwV6qUU+0GIkYumdatEFAmTSYSwCGw8FCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ0GIkYumdatFHIQ//bTSVGDvJGmUxgHJw
MnGM2G6Rc9PNAKuXbh6t4qsrRKp22pWNnMmqqcGaoiBxKP989a2cJgIVP49SsC4C
ewaafEYhsitUtKagx6z3F7UObnvQpOz5U5iFcJCvRDtC4FXq+VkMdhT09zMZY4Ey
ia29bV1B1R7pe7yXh6l3WyVj9AAXUSEBR/OsakaYEMzScLnROBEU1YbWR9iHsc7M
rEsqju8tVUh1XAqIqJgLW3VrKs0g0nDVR0rBc8aDhrtVfylwWVl61gHsPFJfAkjj
OPgvQgThrhlCWo23EZSk/Hj8YRrnhUbEDnk+Z3Xv5Uyl1kxGRk5dGBnv+7u3CKvV
G6sU3tPtna/8rFblfKSMZIPhzTADdsUZ88Fn9pZkfqgPi8LZ4sS8vHtaykZmbfj6
t9a2mBYJQ+/pxiH8olzyhKMdNyesLPeQmESgwM/qlJ+b2Hbogwuuzp8o2JMezxIe
CAwLoPh+hxMPGnBRklh6Vj5R5z29wIZd6pKCavVRfJ+ON94wuOSEofhBfQNZIIFV
jagEbk60iksysxsObfVEHFhtGnZCEgCRC87BfX6tzIIDv23Zs4Bv9gcaaRXTAml2
kZXktduHkV9q3hhcoha5FgGSe244C4GsMUkWCsZtuN6tevUPo+n2ZZAA7ikQ768r
Iz9rPOI8/Ra7qnwSlNIVnkTb9bc=
=e2ew
-----END PGP PUBLIC KEY BLOCK-----

29
RPM-GPG-KEY-fedora-42-primary Normal file
View file

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGXKg9EBEACvsAjRcllcH6mVReU/0hi5YnwqulP7gNgUM4jYPiqucF51g0oW
MbFk0VjDn3QXjrwLNLtj4oxsU+E6OW0jl1732qvjUJ9geEZBuidyFZgq0CCn9K8d
661dPDjN/DzWWogFhnDySFHRLdh6dYCuu75/HKSIVfCud2IFCvT7Bhk4AOpxv4c7
mmX874LFgi49jkAYC0M6UbJ9o3KSCndipf/k0ra2g9dGacqlPfn3PMiTszPDr99d
o4qZ5dVZYC6Sna8GjNhN7b/2xLGQuzdd9LHgPHC/PX7XsvBLu42rqi3q0umJBtjZ
CyFxF5Dp0VMwmVfrKFZOHvVsGjPLrxomLU16/EDzIrw6cHikdQKLf4sl0rX0m8j0
PNAGOSDmE9YgByiPo12CGMOuAvsDUI0JID4p4WqpBShTBuiIrITn8XVTCOQ+tKq9
dE/qI+mm2hnZjJajM2UWfKE0mVH4SDOiSilgKR/h5HuLZqwtYXFExDZsAcxaLfRB
KCrIOyJdpV7YIj8PaP89XeycHM2MaIfwdHSx3Pz39zZNzi6vJkLj9SWdQT7lOvZx
xTQ3dK0Rcpjx+rGHgihMT4yBd+JO9mZS3ghNGbypYnNn/mohPOAxguXuPuPRj00o
C7C3lIEEL/hZXZbN1SuiopZjxbU/x/5lO8n0Un1GCzynObPDvpDLTjsdKQARAQAB
tDFGZWRvcmEgKDQyKSA8ZmVkb3JhLTQyLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQJOBBMBCAA4FiEEsPSVBFj2nhFQxsXtyKxJFhBe+UQFAmXKg9ECGw8FCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQyKxJFhBe+US4mQ//e4gIGhA6TJuEqrVP
gKtSnDawIj30TGbkXIywECtKCu9N8anTlkU2/XSKGyE3ZDdKDO77O11382Ci1xJg
CpdbqKg4G02ecEKT1Dtng37gt55SkhffQ0EeDb3Zl+Pu5qohHQUiMzio4B4q8n0H
D+L9klQ3I1rLmymguBRd34jQH/z025GE2SBbCpDnQCChZT7Fq1D/onOQgC6skN6Q
E2dvYqOnSlHkkfuVlRRYoLNmynxHKlL6VZkiM7m1zKi7cMEK63mKJQ3jH3Mc9grh
+OwBDxOjx5UoYMeYqq7oXyTPKvvf6ssuHtjWM3tNkyi5R1nB+4SHMttrbt2pLMSH
Jg6pNXoLAP8ahlvxdgVRjgN/6OMC/DwXnLxippelBXXDyBnwVd8/WohbJDcq7e5t
dymZpRsNxzhWSuwbHzeJY1DKtePhbjblShLjxTzLnS4GBPJV5TXpHkZWgQmz2aA0
CHV47j37P6kAOEtsJkJUWWz+/Rx1N5Mm5lxvghaAzlTBtwQhRgl9Y8kCTznG40QQ
64N2FOrcExUJmujLRISDjM2Ps9MtBlbYs7H4JDziX4jpNyvhVAbEdjbzVfL5oi35
l+K/QRtQJnt78qhLpNNB7SdQkNmD8eMeXF7mA/MH6eFM88hF4l6NeKklyMIa5thg
LFx0UyEgoLXDBg+thUzby61gnA8=
=OCXB
-----END PGP PUBLIC KEY BLOCK-----

29
RPM-GPG-KEY-fedora-43-primary Normal file
View file

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGa23M8BEAC47NwKLi/g2S9I2p5JtUbJ0y3m2St9zqkSENmYw/+R+WKvaP3S
KSFQF3Qi6pqGXJ88ADJUkFYpOGGyoc0dieLCmIPqtWbwGvBVMxBRBeU3+hClwbSQ
sysVnr8VxUwidfsIjNJavCZwB0ZoZbxdCPMQMOgQyTLX4OI/uKlPUzeymDHwxjb/
tllflSTOGtdYe3giRzidxN+xbCb6UoXkl0+lJEFbsmp41O5D/Ur5N05lBrsEXoDu
Fr99Kfv3Av7f3JfzDlkqC/EhmfxZEZvWj3hRdAfi2fFmtVcrdLfGIpQg6Y2Baphp
PhaHqKl9zD5GWqu5GSXGoLaGXusBvwBKjS/g+VLo7pJfMsUF3sUduJNG3UThAsrp
QLV3wQz0AMHVElRErOWdBDY0ddAKLPL7/mtxj39pGEpZ/dNtQkzgm7VCdP10QnQZ
rwR2l8k7CPu0pylPCXmXvKFWV1uv9RnztlWY6BRmufKn+lJsN3Blh7ndi5rlCjR6
mHVrQD/l6+8VmSD3/mDnbEXPyzBkSY5D1wpR7M5VXN5jVHROc4ZA5M88SyI48ESG
NmeAwtGar45/X+wG47+EC4+JXpNO7BQrEvHgJxBdyoQ6KLDrEaqn/OQpxB4Gfmcv
SwkWDpSk8wFm/pGlFK6J4b+ba7eOetW+aXrWSiFB1sTAg0OY+gds67OpWQARAQAB
tDFGZWRvcmEgKDQzKSA8ZmVkb3JhLTQzLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQJSBBMBCAA8FiEExufwgc+A4TFGZ26IgptgZjFkVTEFAma23M8CGw8FCwkI
BwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEIKbYGYxZFUxagQP/RYWw5j0Gfvv
lWkDQTjTVAnHtbKuQLYM13Lx5d3W1k0g6Xdrolf4yPjh4YPYVQDXksB4i6ULLbMo
8u46UCPMQwCXTd3Ax9imYn+V74Isl/CkBbKQD9YfSJjhW3mSlPa27jo2uhqpdV0S
xp05NWYnWrZN+GbtCUs1+rNTBevagOURtlZ8f0iPVRA/PxWzpjbRaGrCHlIYc3JO
GKLUuQueLvOUg2pP8dtpll7S3xUe5Abyq2ifT34T0wHi6hJA3bfpXo1uNXRvGrNw
gbJ7V6P7ioTcvyhS1h4zjelKFyvTnOKOy5D08HKmvTMWZQWEL7kDNymh1jMV7Abg
4TPp808EiPF1GGAzXU56feaURSvIuix3MkjhGZsSQQH2kkkEIzq6j/EwmpyEMW38
dtql4T2bVS/cTk/hRaqUKZlyrsL657g/4mFA1wDDM3895fYkHOpYF4JZ9SeDrhuc
TgpC7/TW55l6vSiFtnQvcMfjpfCA6mCA4b75k+/xG9RxxBnYU0qVuUo/8pON31yQ
D2AM2v7WbJBYVRYLlqPrkAZU5fe7+2wY7P7N0IAPwVA0TFJ1x6as3Kezdi/304mg
oC98DBLjHaUpX2bTxKMtCzlmeqPiwtyNkA9O9IQO7qQzArBKxmAgof4wblN5SL8i
fsjiJUqsK/gTYwJ744I/tzxOy5FXjA7z
=Bqds
-----END PGP PUBLIC KEY BLOCK-----

6
archmap
View file

@ -87,3 +87,9 @@ fedora-38-primary: x86_64 aarch64 ppc64le s390x
fedora-39-primary: x86_64 aarch64 ppc64le s390x
fedora-40-primary: x86_64 aarch64 ppc64le s390x
fedora-41-primary: x86_64 aarch64 ppc64le s390x
fedora-42-primary: x86_64 aarch64 ppc64le s390x
fedora-43-primary: x86_64 aarch64 ppc64le s390x

BIN
fedora-39-ima.der
View file

Binary file not shown.

BIN
fedora-40-ima.der Normal file
View file

Binary file not shown.

BIN
fedora-41-ima.der Normal file
View file

Binary file not shown.

BIN
fedora-42-ima.der Normal file
View file

Binary file not shown.

BIN
fedora-ima-ca.der Normal file
View file

Binary file not shown.

49
fedora-repos.spec
View file

@ -1,10 +1,10 @@
%global rawhide_release 39
%global rawhide_release 42
%global updates_testing_enabled 0
Summary: Fedora package repositories
Name: fedora-repos
Version: 39
Release: 0.4%{?eln:.eln%{eln}}
Release: 3%{?eln:.eln%{eln}}
License: MIT
URL: https://fedoraproject.org/
@ -80,6 +80,10 @@ Source57: RPM-GPG-KEY-fedora-37-primary
Source58: RPM-GPG-KEY-fedora-38-primary
Source59: RPM-GPG-KEY-fedora-39-primary
Source60: RPM-GPG-KEY-fedora-40-primary
Source61: RPM-GPG-KEY-fedora-41-primary
Source62: RPM-GPG-KEY-fedora-42-primary
Source63: RPM-GPG-KEY-fedora-43-primary
# When bumping Rawhide to fN, create N+1 key (and update archmap). (This
# ensures users have the next future key installed and referenced, even if they
# don't update very often. This will smooth out Rawhide N->N+1 transition for them).
@ -88,13 +92,12 @@ Source150: RPM-GPG-KEY-fedora-iot-2019
Source151: fedora.conf
Source152: fedora-compose.conf
# ima certs
Source500: fedora-38-ima.cert
Source501: fedora-38-ima.der
Source502: fedora-38-ima.pem
Source503: fedora-39-ima.cert
Source504: fedora-39-ima.der
Source505: fedora-39-ima.pem
# IMA certs: dracut integrity module only recognizes DER format
Source500: fedora-ima-ca.der
Source501: fedora-39-ima.der
Source502: fedora-40-ima.der
Source503: fedora-41-ima.der
Source504: fedora-42-ima.der
%description
Fedora package repository files for yum and dnf along with gpg public keys.
@ -177,9 +180,11 @@ done
ln -s RPM-GPG-KEY-fedora-%{version}-primary RPM-GPG-KEY-%{version}-fedora
popd
# Install the ima keys
# Install the IMA certs
install -d -m 755 $RPM_BUILD_ROOT/etc/keys/ima
install -m 644 %{_sourcedir}/fedora*ima.* $RPM_BUILD_ROOT/etc/keys/ima/
install -m 644 %{_sourcedir}/fedora*ima.der $RPM_BUILD_ROOT/etc/keys/ima/
install -d -m 755 $RPM_BUILD_ROOT/usr/share/ima/
install -m 644 %{_sourcedir}/fedora-ima-ca.der $RPM_BUILD_ROOT/usr/share/ima/ca.der
# Install repo files
install -d -m 755 $RPM_BUILD_ROOT/etc/yum.repos.d
@ -380,7 +385,10 @@ rm -f "$TMPRING"
%files -n fedora-gpg-keys
%dir /etc/pki/rpm-gpg
/etc/pki/rpm-gpg/RPM-GPG-KEY-*
# ima-certs
/etc/keys/ima/fedora*ima*
/usr/share/ima/ca.der
%files ostree
@ -393,6 +401,25 @@ rm -f "$TMPRING"
%changelog
=======
* Tue Aug 20 2024 Samyak Jain <samyak.jn11@gmail.com> - 39-3
- Add RPM-GPG-KEY-fedora-42-primary
- Add RPM-GPG-KEY-fedora-43-primary
- Setup for rawhide being F42
* Thu May 23 2024 Coiby Xu <coxu@redhat.com> - 39-2
- add/update IMA certs
* Fri Oct 06 2023 Kevin Fenzi <kevin@scrye.com> - 39-1
- Disable updates_testing for release.
* Wed Sep 06 2023 Tomas Hrcka <thrcka@redhat.com> - 39-0.6
- added Fedora 41 keys
- enabled updates_testing repository
* Tue Aug 08 2023 Samyak Jain <samyak.jn11@gmail.com> - 39-0.5
- Update Rawhide definition to F40
* Fri Jul 21 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 39-0.4
- Update IMA keys location for kernel/dracut