Sign the packages

• This doc explains how to sign builds in the release(s).

• Manual signing should rarely ever be needed anymore. Just make sure that robosignatory is setup for all tags that are created.

• If a build seems to be stuck in the autosigning queue (one of the -pending or -signing-pending tags), just koji untag and koji tag the package. This will retrigger autosigning.

• If bodhi is reporting a build as unsigned but the build is not in the -signing-pending tag, that means bodhi missed the tagging. Just run the following command to make the build get retagged again, giving Bodhi another change at seeing the signing

  $ koji move $dist-updates-testing-pending $dist-signing-pending $build
  

• If need be, sign builds using scripts/sigulsign_unsigned.py from releng git repo

  NOTE! This will NOT help if Bodhi marks a build as unsigned!

  $ ./sigulsign_unsigned.py -vv --write-all \
      --sigul-batch-size=25 fedora-22 \
      $(cat /var/cache/sigul/Stable-F22 /var/cache/sigul/Testing-F22)
  

(Make sure you sign each release with the right key… ie, ‘fedora-19’ key with F19 packages, or ‘epel-6’ with EL-6 packages)