toolkit/iso/empanadas/empanadas/templates
2022-07-11 21:15:31 -04:00
..
icicle revert to stg url now that CDN is fixed. add in some additional metadata for builds and cleanup output for containers 2022-07-11 21:15:31 -04:00
kube Implement a feature to assist in generating various images 2022-06-28 09:33:13 -04:00
buildExtraImage.tmpl.sh test should use && 2022-06-28 10:08:17 -07:00
buildImage.tmpl.sh Expand and Generalize ISO Functions 2022-06-27 17:59:21 -07:00
buildLiveImage.tmpl.sh add in live generation 2022-07-11 01:06:33 -07:00
extraisobuild.tmpl.sh Bump to 0.2.0 2022-07-04 11:32:10 -07:00
isobuild.tmpl.sh Bump to 0.2.0 2022-07-04 11:32:10 -07:00
isomock.tmpl.cfg Lets write some poetry 2022-06-17 15:06:45 -04:00
liveisobuild.tmpl.sh seems to work with selinux on 2022-07-11 08:58:13 -07:00
README.tmpl solve path join issue 2022-07-08 20:44:15 -07:00
repoconfig.tmpl Update Configs + Extra ISO Build Progress 2022-06-23 13:12:53 -07:00
reposync-src.tmpl undo config name 2022-07-06 23:41:28 -07:00
reposync.tmpl put sed in right spot 2022-07-06 23:29:02 -07:00
xorriso.tmpl.txt end argument missing 2022-06-27 01:18:57 -07:00

These set of repositories (or "compose") is for {{ fullname }} and was generated
using Empanadas {{ version }} from the SIG/Core Toolkit.

As this is not a traditional compose, there will be things that you might be
expecting and do not see, or not expecting and do see. While we attempted to
recreate a lot of those elements, it's not perfect. In the future, we do plan on
having more metadata and providing client libraries that can ingest this type
of metadata that we produce for easy consumption.

# Notes #

## Checksums ##

CHECKSUM Validation: https://github.com/rocky-linux/checksums

Traditionally, we would "sign" the checksum files with the current GPG key of a
major release. However, due to how the new build system operates and for
ensuring strong security within the build system as it pertains the signing
keys, this is no longer possible. It was determined by SIG/Core or Release
Engineering to instead provide verified signed commits using our keys with
RESF/Rocky Linux email domain names to a proper git repository. Our signing keys
are attached to our GitHub and RESF Git Service profiles.

If you are looking for "verification" of the ISO checksums and were expecting a
`CHECKSUM.sig`, it is highly recommended to visit the link above instead.

To verify our signature, click on "commits" and click the green "Verified"
button where you will see a GPG key ID. You can then search for this ID at the
any of the following:

https://keys.openpgp.org/
https://keyserver.ubuntu.com