Signing RPM packages
Stuart D. Gathman
stuart at bmsi.com
Sat Mar 19 01:08:35 UTC 2011
On Fri, 18 Mar 2011, Keith Roberts wrote:
>> http://www.gnupg.org/documentation/guides.en.html
>>
>> The more people you can get to sign your public key (building the web of
>> trust), the better. Read up on key-signing parties.
>
> Thanks Tim.
>
> I've created a file with my public key in, and have re-signed the packages I
> have already built. So I just need to check all this works by installing one
> of my built packages.

I highly recommend also making a "release" package (e.g. kroberts-release)
that installs kroberts.repo in /etc/yum.repos.d and your key file
in /etc/pki/rpm-gpg. This can then be updated to add a signing key
or another repo (e.g. kroberts-testing).
--
Stuart D. Gathman <stuart at bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.