Signing RPM packages

Tim Mooney Tim.Mooney at
Fri Mar 18 21:09:03 UTC 2011

In regard to: Signing RPM packages, Keith Roberts said (at 8:52pm on Mar...:

> I'm building my own RPMs for CentOS 5.5, and also sign them with my private
> GPG key.
> Here's a part of a simple 'package test' preamble;
> Name        : joe                   Relocations: (not relocatable)
> Version     : 2.9.8                 Vendor: White Socks Software
> Release     : 4                     Build Date: Fri 18 Mar 2011 15:37:03 GMT
> Install Date: (not installed)       Build Host: karsites
> Group       : Applications/Editors  Source RPM: joe-2.9.8-4.src.rpm
> Size        : 305627                License: GPL
> Signature   : DSA/SHA1, Fri 18 Mar 2011 15:37:04 GMT, Key ID 92866c1f1dc92c08
> Packager    : Santa Claws <santa at christmasdotcom)
> URL         :
> Summary     : An easy to use, modeless text editor.
> As you can see I have signed this package with my own private GPG key.
> How do I create a public GPG key to allow others to download and install my
> CentOS 5.5 packages please?

You already have a public GPG key, you just need to publish/advertise it.

Read the section of the GnuPG guide on exporting your public key, as
well as the advice on disseminating it.  See

The more people you can get to sign your public key (building the web of
trust), the better.  Read up on key-signing parties.

Tim Mooney                                             Tim.Mooney at
Enterprise Computing & Infrastructure                  701-231-1076 (Voice)
Room 242-J6, IACC Building                             701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
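
The publish-and-verify steps the reply describes, as an added shell example that is not part of the original message: the publisher exports the public key with gpg, and a consumer imports it into rpm and checks a package. The function names, file arguments and the sample fingerprint are assumptions; the key ID is the one in the quoted `rpm -qpi` output, and the key-ID comparison goes slightly beyond what the reply covers.

```shell
#!/bin/sh
# Added example, not from the original thread. File names are assumptions.

# Publisher: export the ASCII-armored public key ($1 = key ID, $2 = output
# file) and show its fingerprint so it can be advertised alongside the key.
export_pubkey() {
    gpg --export --armor "$1" > "$2" && gpg --fingerprint "$1"
}

# Consumer: add the key file ($1) to the rpm keyring, then verify package $2.
import_and_check() {
    rpm --import "$1" && rpm -K "$2"
}

# Print (lower case) the signing key ID found in `rpm -qpi` output on stdin.
sig_keyid() {
    sed -n 's/^Signature.*Key ID \([0-9A-Fa-f]\{1,\}\).*$/\1/p' |
        tr 'A-F' 'a-f' | head -n 1
}

# Succeed if key ID $1 equals the last 16 hex digits of fingerprint $2,
# which is how a 64-bit key ID is derived for OpenPGP v4 keys.
keyid_matches_fpr() {
    fpr=$(printf '%s' "$2" | tr -d ' ' | tr 'A-F' 'a-f')
    [ "${#fpr}" -eq 40 ] || return 2
    tail16=$(printf '%s' "$fpr" | sed 's/^.\{24\}//')
    [ "$(printf '%s' "$1" | tr 'A-F' 'a-f')" = "$tail16" ]
}

# Lines taken from the `rpm -qpi` output quoted in the thread.
SAMPLE_QPI='Size        : 305627                License: GPL
Signature   : DSA/SHA1, Fri 18 Mar 2011 15:37:04 GMT, Key ID 92866c1f1dc92c08'
# Constructed fingerprint, for illustration only; the real value is whatever
# the publisher's `gpg --fingerprint` prints.
SAMPLE_FPR='AAAA BBBB CCCC DDDD EEEE FFFF 9286 6C1F 1DC9 2C08'

if keyid_matches_fpr "$(printf '%s\n' "$SAMPLE_QPI" | sig_keyid)" "$SAMPLE_FPR"
then echo "package key ID matches the advertised fingerprint"
else echo "key ID does NOT match the advertised fingerprint"
fi
```

`rpm -K` performs the actual signature check; the key-ID comparison only confirms which key a package claims to be signed with.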
