Hi
According to the following tutorial:
https://cvmfs-contrib.github.io/cvmfs-tutorial-2021/02_stratum0_client/#215-repository-keys
Although you can use a different master key per repository, it is recommended to use the same master key for all repositories under a single domain, so that clients only need a single public master key to access all repositories under this domain. For more information, see the CernVM-FS documentation: Creating a Repository (Stratum 0) — CernVM-FS 2.11.2 documentation.
However, I have also read the official documentation about creating a master key. I can’t find more information about how a common pub key can be created for several repositories.
Once I create a new repository with the following command:
sudo cvmfs_server mkfs -o $USER repo.organization.tld
It creates 4 different key files in /etc/cvmfs/keys, and once I create another new repository, it generates 4 new different key files again in /etc/cvmfs/keys.
Is there a more “clean” way in which a common pub key can be used for several repositories?
I have something like this in mind:
moving the 4 different key files to /etc/cvmfs/keys/organization.tld, and then the same pub key can be used?
I have tried to modify the following environment variables (added in /etc/cvmfs/config.d/repo.organization.tld):
CVMFS_PUBLIC_KEY
CVMFS_KEYS_DIR
but without success.
Once I try to resign the new key, it gives me the following error message:
Neither masterkey nor masterkeycard is available to sign whitelist!