OBS GPG Key Setup Instructions
===============================

Generated: Wed Oct 22 15:54:54 CDT 2025
Key ID: 8A56FC2B553FFE1F
Name: Joseph Ogle
Email: jogle88@gmail.com

Files Created:
--------------
1. public-key.asc  - Public key (share this with users)
2. private-key.asc - Private key (KEEP THIS SECRET!)

Step 1: Upload Keys to OBS (Open Build Service)
------------------------------------------------

Option A: Via OBS Web UI (Recommended)
1. Go to: https://build.opensuse.org/project/prjconf/home:GuyFerrari
2. Click "Project Config" tab
3. Add the following at the end:

   %define _gpg_name jogle88@gmail.com

4. Click "Users" tab → "Add User" → Add yourself as maintainer
5. Go to: https://build.opensuse.org/project/meta/home:GuyFerrari
6. Add your GPG key fingerprint to the project metadata

Option B: Via osc CLI
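1. Set up signing (creates a signing key for the project):
   osc signkey --create home:GuyFerrari

2. Or extend the expiration of the project's existing key
   (--extend takes the project name, not a key ID):
   osc signkey --extend home:GuyFerrari

3. Verify the key is configured (prints the project's public key):
   osc signkey home:GuyFerrari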

Step 2: Configure Project for Signing
--------------------------------------

Option A: Automated Upload (Recommended)
Run the upload script:
   chmod +x upload-keys-to-obs.sh
   ./upload-keys-to-obs.sh

This will:
- Upload your GPG keys to OBS
- Configure project for package signing
- Enable signing for all repositories
- Trigger a rebuild with signing

Option B: Manual Configuration
1. Go to your OBS project: https://build.opensuse.org/project/show/home:GuyFerrari
2. Click "Advanced" → "Project Config"
3. Add these lines:
   Signkey: <your-key-fingerprint>
   %define _gpg_name jogle88@gmail.com

4. Click "Repositories" → Edit each repository → Enable "Sign repository"
5. Rebuild packages to apply signing

Step 3: Share Public Key with Users
------------------------------------
1. Upload public-key.asc to your GitHub repository:
   git add obs-gpg-keys/public-key.asc
   git commit -m "Add OBS signing public key"
   git push

2. Users can import it with:
   curl -fsSL https://github.com/dnasso/DBCFileViewer/raw/main/obs-gpg-keys/public-key.asc | gpg --import
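
Piping the download straight into gpg --import trusts whatever the URL returns, including any extra keys bundled into the file. The following added example (not part of these generated instructions or the project's scripts) checks the downloaded key against the Key ID listed at the top of this file before importing it. The function names and the sample listing are assumptions made for illustration, and it needs a GnuPG version that supports --show-keys.

```shell
#!/bin/sh
# Added example: check a downloaded public key before importing it.
# Key ID from the top of this file; pin the full fingerprint if you have it.
EXPECTED_KEYID="8A56FC2B553FFE1F"

# Reads `gpg --show-keys --with-colons` output on stdin. Succeeds only if the
# listing holds exactly one primary key whose fingerprint ends in $1.
check_key_listing() {
    awk -F: -v want="$1" '
        $1 == "pub" { pubs++; primary = 1; next }
        $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary { fpr = $10; primary = 0 }
        END {
            if (pubs != 1) exit 2                 # none, or extra keys bundled in
            if (length(fpr) < length(want)) exit 3
            tail = substr(fpr, length(fpr) - length(want) + 1)
            exit ((toupper(tail) == toupper(want)) ? 0 : 1)
        }'
}

# Download to a temp file, check it, and import only on a match.
# Runs in a subshell so the cleanup trap stays local to this call.
import_pinned_key() (
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL "$1" -o "$tmp" || exit 1
    gpg --show-keys --with-colons "$tmp" |
        check_key_listing "$EXPECTED_KEYID" || exit 1
    gpg --import "$tmp"
)

# Constructed sample listing (not real output for this key): the fingerprints
# are zero-padded placeholders, the first one ending in the Key ID above.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:8A56FC2B553FFE1F:0:::-:::scESC:
fpr:::::::::0000000000000000000000008A56FC2B553FFE1F:
uid:-::::0::::Constructed Example:
sub:-:4096:1:1111111111111111:0::::::e:
fpr:::::::::0000000000000000000000001111111111111111:
EOF
}

# Usage: import_pinned_key https://github.com/dnasso/DBCFileViewer/raw/main/obs-gpg-keys/public-key.asc
```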

Step 4: Verify Signing Works
-----------------------------
After uploading keys to OBS:

1. Trigger a rebuild:
   osc rebuild home:GuyFerrari dbc-file-viewer

2. Wait for build to complete

3. Check if packages are signed:
   osc getbinaries home:GuyFerrari dbc-file-viewer Fedora_42 x86_64
   rpm -K dbc-file-viewer*.rpm
   
   Should show: "pgp md5 OK" or similar

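4. For Debian packages (Release is signed by the detached Release.gpg file):
   curl -fsSL -O https://download.opensuse.org/repositories/home:/GuyFerrari/xUbuntu_24.04/Release \
        -O https://download.opensuse.org/repositories/home:/GuyFerrari/xUbuntu_24.04/Release.gpg
   gpg --verify Release.gpg Release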

SECURITY REMINDERS:
-------------------
⚠ NEVER commit private-key.asc to Git
⚠ Keep your passphrase secure
⚠ Backup private-key.asc to a secure location
⚠ Set key expiration reminders (expires in 2 years)

Key Renewal (in 2 years):
-------------------------
1. Extend expiration:
   gpg --edit-key 8A56FC2B553FFE1F
   > expire
   > 2y
   > save

2. Re-export and upload new public key

3. Or generate a new key with this script

Support:
--------
If you encounter issues:
- OBS Documentation: https://openbuildservice.org/help/manuals/obs-user-guide/
- Project Issues: https://github.com/dnasso/DBCFileViewer/issues

