╔════════════════════════════════════════════════════════════════╗╔════════════════════════════════════════════════════════════════╗

║                                                                ║║                                                                ║

║       OBS Package Signing - Quick Start Guide                 ║║       OBS Package Signing - Quick Start Guide                 ║

║                                                                ║║                                                                ║

╚════════════════════════════════════════════════════════════════╝╚════════════════════════════════════════════════════════════════╝



🚀 ONE-COMMAND SETUP (Recommended)🚀 ONE-COMMAND SETUP (Recommended)

════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════



chmod +x setup-obs-signing.shchmod +x setup-obs-signing.sh

./setup-obs-signing.sh./setup-obs-signing.sh



This does EVERYTHING:This does EVERYTHING:

  ✓ Generates GPG keys  ✓ Generates GPG keys

  ✓ Uploads to OBS  ✓ Uploads to OBS

  ✓ Configures signing  ✓ Configures signing

  ✓ Rebuilds packages  ✓ Rebuilds packages



Time: 5 minutes + 10-30 min for buildsTime: 5 minutes + 10-30 min for builds





📋 WHAT YOU GET📋 WHAT YOU GET

════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════



Scripts (4 files, 30KB):Scripts (4 files, 30KB):

  • setup-obs-signing.sh       - Master script (all-in-one)  • setup-obs-signing.sh       - Master script (all-in-one)

  • setup-obs-gpg-keys.sh      - Generate GPG keys  • setup-obs-gpg-keys.sh      - Generate GPG keys

  • upload-keys-to-obs.sh      - Upload to OBS  • upload-keys-to-obs.sh      - Upload to OBS

  • setup-obs-repo-lubuntu.sh  - User installation script  • setup-obs-repo-lubuntu.sh  - User installation script



Documentation (4 files, 27KB):Documentation (4 files, 27KB):

  • docs/OBS-SIGNING-SETUP.md         - Quick start guide  • docs/OBS-SIGNING-SETUP.md         - Quick start guide

  • docs/SIGNING.md                   - Technical details  • docs/SIGNING.md                   - Technical details

  • docs/VERIFICATION.md              - User verification  • docs/VERIFICATION.md              - User verification

  • docs/SIGNING-SETUP-COMPLETE.md    - Complete summary  • docs/SIGNING-SETUP-COMPLETE.md    - Complete summary



Output (after running):Output (after running):

  obs-gpg-keys/  obs-gpg-keys/

  ├── public-key.asc           ✓ Commit to Git  ├── public-key.asc           ✓ Commit to Git

  ├── private-key.asc          ✗ KEEP SECRET!  ├── private-key.asc          ✗ KEEP SECRET!

  ├── KEY-INFO.txt             ✓ Key fingerprint  ├── KEY-INFO.txt             ✓ Key fingerprint

  ├── INSTRUCTIONS.txt         ✓ Detailed guide  ├── INSTRUCTIONS.txt         ✓ Detailed guide

  └── OBS-UPLOAD-SUMMARY.txt   ✓ Verification commands  └── OBS-UPLOAD-SUMMARY.txt   ✓ Verification commands





🔐 WHAT GETS SIGNED🔐 WHAT GETS SIGNED

════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════



✓ RPM packages (.rpm files)          - Fedora, openSUSE✓ RPM packages (.rpm files)          - Fedora, openSUSE

✓ Repository metadata (Release)      - All distributions✓ Repository metadata (Release)      - All distributions

✓ Package checksums                  - Integrity verification✓ Package checksums                  - Integrity verification



Note: .deb files not individually signed (OBS limitation),Note: .deb files not individually signed (OBS limitation),

      but repository metadata is signed (standard practice)      but repository metadata is signed (standard practice)





✅ VERIFICATION✅ VERIFICATION

════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════



Automatic (users do nothing special):Automatic (users do nothing special):

  sudo apt install dbc-file-viewer      # Ubuntu/Debian  sudo apt install dbc-file-viewer      # Ubuntu/Debian

  sudo dnf install dbc-file-viewer      # Fedora/openSUSE  sudo dnf install dbc-file-viewer      # Fedora/openSUSE



Manual verification:Manual verification:

  curl -fsSL https://download.opensuse.org/.../Release.key | gpg --import  curl -fsSL https://download.opensuse.org/.../Release.key | gpg --import

  curl -fsSL https://download.opensuse.org/.../Release.gpg -o Release.gpg  curl -fsSL https://download.opensuse.org/.../Release.gpg -o Release.gpg

  curl -fsSL https://download.opensuse.org/.../Release -o Release  curl -fsSL https://download.opensuse.org/.../Release -o Release

  gpg --verify Release.gpg Release  gpg --verify Release.gpg Release





🔄 STEP-BY-STEP (if you prefer manual control)🔄 STEP-BY-STEP (if you prefer manual control)

════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════



Step 1: Generate keysStep 1: Generate keys

  chmod +x setup-obs-gpg-keys.sh  chmod +x setup-obs-gpg-keys.sh

  ./setup-obs-gpg-keys.sh  ./setup-obs-gpg-keys.sh

    

  Prompts for: name, email, passphrase  Prompts for: name, email, passphrase



Step 2: Upload to OBSStep 2: Upload to OBS

  chmod +x upload-keys-to-obs.sh  chmod +x upload-keys-to-obs.sh

  ./upload-keys-to-obs.sh  ./upload-keys-to-obs.sh

    

  Configures OBS and triggers rebuild  Configures OBS and triggers rebuild





📤 AFTER SETUP📤 AFTER SETUP

════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════



1. Wait 10-30 minutes for builds1. Wait 10-30 minutes for builds



2. Verify signatures:2. Verify signatures:

   cat obs-gpg-keys/OBS-UPLOAD-SUMMARY.txt   cat obs-gpg-keys/OBS-UPLOAD-SUMMARY.txt



3. Share public key:3. Share public key:

   git add obs-gpg-keys/public-key.asc   git add obs-gpg-keys/public-key.asc

   git commit -m "Add OBS signing public key"   git commit -m 

   git push

4. Upload to keyservers (optional):
   gpg --keyserver keys.openpgp.org --send-keys <KEY_ID>


⚠️  SECURITY
══════════════════════════════════════════════════════════════════

DO:
  ✓ Use strong passphrase
  ✓ Backup private-key.asc securely
  ✓ Commit public-key.asc to Git
  ✓ Upload to keyservers
  ✓ Set renewal reminder (2 years)

DON'T:
  ✗ NEVER commit private-key.asc to Git
  ✗ Share private key or passphrase
  ✗ Use weak/empty passphrase


🔍 TROUBLESHOOTING
══════════════════════════════════════════════════════════════════

Keys not working?
  osc meta prjconf home:GuyFerrari | grep -i sign
  osc signkey --list home:GuyFerrari
  osc rebuild home:GuyFerrari dbc-file-viewer

"No secret key" error?
  gpg --import obs-gpg-keys/private-key.asc

osc not configured?
  osc -A https://api.opensuse.org


📚 DOCUMENTATION
══════════════════════════════════════════════════════════════════

Quick Start:     docs/OBS-SIGNING-SETUP.md
Technical:       docs/SIGNING.md
User Guide:      docs/VERIFICATION.md
Complete:        docs/SIGNING-SETUP-COMPLETE.md


🆘 SUPPORT
══════════════════════════════════════════════════════════════════

Issues:      github.com/dnasso/DBCFileViewer/issues
Discussions: github.com/dnasso/DBCFileViewer/discussions
OBS Help:    openbuildservice.org/help/


════════════════════════════════════════════════════════════════════

✨ TIP: Run ./setup-obs-signing.sh and let it do everything! ✨

════════════════════════════════════════════════════════════════════
