[Rpm-maint] [rpm-software-management/rpm] [Document] Signing process of rpm package, both V3 and V4 (Issue #2156)

Hu Sheng notifications at github.com
Fri Aug 19 00:56:35 UTC 2022


> You just need to make an OpenPGP signature. RPM handles the rest. You can provide a macro that tells RPM what command to use to make the signature.

Thanks @DemiMarie. To confirm, let's take a look at the macro configuration for rpm signature [1]:
```
[root@localhost ~]# vi .rpmmacros 
[root@localhost ~]# cat .rpmmacros 
%_signature gpg
%_gpg_path /root/.gnupg
%_gpg_name Package Manager
%_gpgbin /usr/bin/gpg2
%__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --batch --verbose --no-armor --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename}'
```
In order to sign an rpm with a remote signature service, we need to develop a client which communicates with our HSM, and which also reads the original content from the file and generates the signature file as specified?

We don't need to worry about the rpm header and payload; since rpm handles the rest, we only do the signing?


[1]: https://access.redhat.com/articles/3359321
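
An added example, not part of the original message or of rpm's own code: a sketch of the kind of client asked about above, which reads the file rpm passes as `%{__plaintext_filename}`, has a remote signer sign the digest, and writes a binary detached OpenPGP signature to `%{__signature_filename}`. It builds a version 4 RSA/SHA-256 signature packet as laid out in RFC 4880 (the macro above forces v3 instead). Assumptions: `hsm_sign` is a hypothetical callback standing in for the HSM client, and `key_id` is the 8-byte key ID of the public key that rpm will verify against.

```python
import hashlib
import struct
import time

RSA, SHA256, BINARY_DOC = 1, 8, 0x00  # RFC 4880 algorithm and signature-type IDs

def subpacket(kind, body):
    # One-octet length (type + body, valid below 192), then type, then body.
    return bytes([len(body) + 1, kind]) + body

def hashed_part(created):
    # Version 4 fields that are covered by the signature, with creation time.
    hashed = subpacket(2, struct.pack(">I", created))
    return bytes([4, BINARY_DOC, RSA, SHA256]) + struct.pack(">H", len(hashed)) + hashed

def document_digest(plaintext, head):
    # Digest = SHA-256(document || hashed fields || 0x04 0xFF || len(hashed fields)).
    trailer = b"\x04\xff" + struct.pack(">I", len(head))
    return hashlib.sha256(plaintext + head + trailer).digest()

def build_detached_sig(plaintext, key_id, hsm_sign, created=None):
    """Return a binary OpenPGP v4 detached signature packet over plaintext.

    hsm_sign(digest) is a hypothetical callback for the remote signer: it must
    apply PKCS#1 v1.5 padding for SHA-256 and return the RSA result as an int.
    key_id is the 8-byte OpenPGP key ID of the matching public key.
    """
    head = hashed_part(int(time.time()) if created is None else created)
    digest = document_digest(plaintext, head)
    sig = hsm_sign(digest)
    mpi = struct.pack(">H", sig.bit_length()) + sig.to_bytes((sig.bit_length() + 7) // 8, "big")
    unhashed = subpacket(16, key_id)  # issuer key ID
    body = head + struct.pack(">H", len(unhashed)) + unhashed + digest[:2] + mpi
    # Old-format header: tag 2 (signature) with a two-octet body length.
    return b"\x89" + struct.pack(">H", len(body)) + body

def sign_file(plaintext_path, signature_path, key_id, hsm_sign):
    # What the sign command does for rpm: read the data, write the signature.
    with open(plaintext_path, "rb") as f:
        packet = build_detached_sig(f.read(), key_id, hsm_sign)
    with open(signature_path, "wb") as f:
        f.write(packet)
```

Only the digest leaves the build host in this layout; the private key stays in the HSM, and rpm embeds the resulting packet in the package's signature header itself.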
