Signing RPM packages
Tim.Mooney at ndsu.edu
Fri Mar 18 21:09:03 UTC 2011
In regard to: Signing RPM packages, Keith Roberts said (at 8:52pm on Mar...:
> I'm building my own RPMs for CentOS 5.5, and also sign them with my private
> GPG key.
> Here's a part of a simple 'package test' preamble;
> Name        : joe                          Relocations: (not relocatable)
> Version     : 2.9.8                        Vendor: White Socks Software
> Release     : 4                            Build Date: Fri 18 Mar 2011 15:37:03 GMT
> Install Date: (not installed)              Build Host: karsites
> Group       : Applications/Editors         Source RPM: joe-2.9.8-4.src.rpm
> Size        : 305627                       License: GPL
> Signature   : DSA/SHA1, Fri 18 Mar 2011 15:37:04 GMT, Key ID 92866c1f1dc92c08
> Packager    : Santa Claws <santa at christmasdotcom)
> URL         : http://sourceforge.net/projects/joe-editor/
> Summary     : An easy to use, modeless text editor.
> As you can see I have signed this package with my own private GPG key.
> How do I create a public GPG key to allow others to download and install my
> CentOS 5.5 packages please?
You already have a public GPG key, you just need to publish/advertise it.
Read the section of the GnuPG guide on exporting your public key, as
well as the advice on disseminating it. See
The more people you can get to sign your public key (building the web of
trust), the better. Read up on key-signing parties.
Tim Mooney Tim.Mooney at ndsu.edu
Enterprise Computing & Infrastructure 701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
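
Added example, not part of the original message and not code from the RPM or GnuPG projects: the publisher side (exporting the existing public key) and the installer side (checking that a package's signature names the expected key before importing it and running the signature check). The function names, SAMPLE_INFO and the placeholder fingerprint SAMPLE_FPR are constructed for illustration; only the key ID comes from the quoted output, and an OpenPGP v4 key is assumed.

```shell
#!/bin/sh
# Constructed sample: the Signature line as shown in the quoted `rpm -qi` output,
# and a placeholder fingerprint (NOT a real key) ending in that key ID.
SAMPLE_INFO='Signature   : DSA/SHA1, Fri 18 Mar 2011 15:37:04 GMT, Key ID 92866c1f1dc92c08'
SAMPLE_FPR='0123 4567 89AB CDEF 0123 4567 9286 6C1F 1DC9 2C08'

# Publisher: write the ASCII-armored public key so it can be published.
export_pubkey() {            # usage: export_pubkey KEYID OUTFILE
    gpg --armor --export "$1" > "$2"
}

# Read `rpm -qpi` output on stdin, print the signing key ID in lower case.
# Prints nothing for an unsigned package ("Signature : (none)").
sig_keyid() {
    sed -n 's/^Signature *:.*Key ID \([0-9A-Fa-f]\{16\}\).*$/\1/p' |
        tr 'A-F' 'a-f' | head -n 1
}

# Succeed only if the 40-digit fingerprint ends with the 16-digit key ID
# (assumes an OpenPGP v4 key, where the key ID is the fingerprint's tail).
fpr_matches_keyid() {        # usage: fpr_matches_keyid "FINGERPRINT" KEYID
    _f=$(printf '%s' "$1" | tr -d ' ' | tr 'A-F' 'a-f')
    _k=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "${#_f}" -eq 40 ] && [ "${#_k}" -eq 16 ] || return 1
    case "$_f" in *"$_k") return 0 ;; *) return 1 ;; esac
}

# Installer: check the package names the expected key, then import and verify.
# FINGERPRINT must come from the publisher over a separate trusted channel;
# compare it with `gpg --with-fingerprint KEYFILE` before importing.
# `rpm --import` needs root; `rpm -K` performs the actual signature check.
verify_pkg() {               # usage: verify_pkg PKG.rpm KEYFILE "FINGERPRINT"
    _id=$(rpm -qpi "$1" 2>/dev/null | sig_keyid)
    [ -n "$_id" ] || { echo "no signature on $1" >&2; return 1; }
    fpr_matches_keyid "$3" "$_id" ||
        { echo "$1 signed by unexpected key $_id" >&2; return 1; }
    rpm --import "$2" && rpm -K "$1"
}
```

The key ID comparison is only a sanity check that the package was signed with the key the installer expects; trust in the key itself still rests on how the fingerprint was obtained.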