45 lines
2.2 KiB
Cheetah
45 lines
2.2 KiB
Cheetah
These set of repositories (or "compose") is for {{ fullname }} and was generated
|
|
using Empanadas {{ version }} from the SIG/Core Toolkit.
|
|
|
|
As this is not a traditional compose (via pungi), there will be things that you
|
|
might be expecting and do not see, or not expecting and do see. While we
|
|
attempted to recreate a lot of those elements, it's not perfect and we don't
|
|
expect that it ever will be. With that being said, in the future, we do plan on
|
|
having more metadata and providing client libraries that can ingest this type of
|
|
metadata that we produce for easy consumption, on top of extending what our
|
|
metadata provides.
|
|
|
|
# Notes #
|
|
|
|
## Unversioned ISO Files ##
|
|
|
|
There are unversioned ISO files in the isos and live directories per
|
|
architecture. This is to allow libvirt users an easy way to download an ISO for
|
|
a given release of their choosing easily. It also allows users as a whole to
|
|
always have a pre-determined path to download the latest ISO of a given release
|
|
by just relying on it being in the URL itself rather than in the ISO name. Note
|
|
that these unversioned ISO files may or may not advertised on the main site.
|
|
|
|
## Checksums ##
|
|
|
|
CHECKSUM Validation: https://github.com/rocky-linux/checksums
|
|
https://git.resf.org/rocky-linux/checksums (mirror)
|
|
|
|
Traditionally, we would "sign" the checksum files with the current GPG key of a
|
|
major release. However, due to how the new build system operates and for
|
|
ensuring strong security within the new build ecosystem as it pertains the
|
|
signing keys, this is no longer a viable approach. It was determined by SIG/Core
|
|
(or Release Engineering) to instead provide verified signed commits using our
|
|
keys with RESF/Rocky Linux email domain names to a proper git repository. Our
|
|
signing keys are attached to our GitHub and RESF Git Service profiles.
|
|
|
|
If you are looking for "verification" of the ISO checksums and were expecting a
|
|
`CHECKSUM.sig`, it is highly recommended to visit the link above instead.
|
|
|
|
To verify our signature, click on "commits" and click the green "Verified"
|
|
button where you will see a GPG key ID. You can then search for this ID at the
|
|
any of the following:
|
|
|
|
https://keys.openpgp.org/
|
|
https://keyserver.ubuntu.com
|