Signing RPM packages
Tim Mooney
Tim.Mooney at ndsu.edu
Fri Mar 18 21:09:03 UTC 2011
In regard to: Signing RPM packages, Keith Roberts said (at 8:52pm on Mar...:
> I'm building my own RPMs for CentOS 5.5, and also sign them with my private
> GPG key.
>
> Here's a part of a simple 'package test' preamble:
>
> Name        : joe                         Relocations: (not relocatable)
> Version     : 2.9.8                            Vendor: White Socks Software
> Release     : 4                            Build Date: Fri 18 Mar 2011 15:37:03 GMT
> Install Date: (not installed)              Build Host: karsites
> Group       : Applications/Editors         Source RPM: joe-2.9.8-4.src.rpm
> Size        : 305627                          License: GPL
> Signature   : DSA/SHA1, Fri 18 Mar 2011 15:37:04 GMT, Key ID 92866c1f1dc92c08
> Packager    : Santa Claws <santa at christmasdotcom)
> URL         : http://sourceforge.net/projects/joe-editor/
> Summary     : An easy to use, modeless text editor.
>
> As you can see I have signed this package with my own private GPG key.
>
> How do I create a public GPG key to allow others to download and install my
> CentOS 5.5 packages please?

You already have a public GPG key, you just need to publish/advertise it.
Read the section of the GnuPG guide on exporting your public key, as
well as the advice on disseminating it. See

http://www.gnupg.org/documentation/guides.en.html

The more people you can get to sign your public key (building the web of
trust), the better. Read up on key-signing parties.

Tim
--
Tim Mooney Tim.Mooney at ndsu.edu
Enterprise Computing & Infrastructure 701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
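
An added example, not part of the original thread: once the public key has been exported and imported as the reply suggests, a consumer can check that the key ID on a package's Signature line matches a key in their rpm keyring. The file name RPM-GPG-KEY-example, the keyring listing and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Publisher (once):  gpg --armor --export KEYID > RPM-GPG-KEY-example
# Consumer:          rpm --import RPM-GPG-KEY-example && rpm -K PACKAGE.rpm
# KEYID, RPM-GPG-KEY-example and PACKAGE.rpm are placeholders.

# Signature line as shown in the quoted `rpm -qi` output above.
SAMPLE_QI='Name        : joe
Signature   : DSA/SHA1, Fri 18 Mar 2011 15:37:04 GMT, Key ID 92866c1f1dc92c08'

# Constructed `rpm -q gpg-pubkey` output; both release fields are made up.
SAMPLE_KEYRING='gpg-pubkey-aaaaaaaa-4d000000
gpg-pubkey-1dc92c08-4d000001'

# Print the 16-hex-digit signing key ID from `rpm -qi` output on stdin.
# Prints nothing for an unsigned package ("Signature : (none)").
sig_keyid() {
    sed -n 's/^Signature[[:space:]]*:.*Key ID \([0-9A-Fa-f]\{16\}\).*$/\1/p' |
        tr 'A-F' 'a-f' | head -n 1
}

# rpm stores each imported key as a pseudo-package named
# gpg-pubkey-<last 8 hex digits of key ID>-<key creation time in hex>.
pubkey_pkg_prefix() {
    printf 'gpg-pubkey-%s' "$(printf '%s' "$1" | cut -c9-16)"
}

# Exit 0 if the key ID ($1) matches a gpg-pubkey entry read from stdin,
# 1 if it does not, 2 if $1 is not a 16-character key ID.
key_is_imported() {
    [ "${#1}" -eq 16 ] || return 2
    grep -q "^$(pubkey_pkg_prefix "$1")-"
}

keyid=$(printf '%s\n' "$SAMPLE_QI" | sig_keyid)
if printf '%s\n' "$SAMPLE_KEYRING" | key_is_imported "$keyid"; then
    echo "key $keyid is imported; rpm -K can verify the signature"
else
    echo "key $keyid is not imported; import the publisher's key first"
fi
```

On a real system, feed the functions from `rpm -qpi PACKAGE.rpm` and `rpm -q gpg-pubkey` instead of the sample variables.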