rpm sign packages

Todd Zullinger tmz at pobox.com
Wed Dec 3 14:42:07 UTC 2008


David Hláčik wrote:
> Hello , i am searching for a reasonable howto, documentiation for
> Signing Custom RPM packages.

Can you give more detail on where you're getting stuck at?

As Ed asked, have you read the rpm man page?

I don't know of a howto off the top of my head, but the process is
pretty simple, so I'll try to detail it quickly.

If you don't already have a gpg key, you'll need to generate one using
"gpg --gen-key" and filling in the prompts.

Next, tell rpm what key you want to use to sign in ~/.rpmmacros:

%_gpg_name your_key@example.com

(You can use the email address of the key or the key id to identify
the key.)

Then, just use rpm --addsign /path/to/some.rpm and enter the
passphrase when prompted.

In order to verify packages signed with your key you need to import
the key into the rpm database.

To export the key from gpg:

$ gpg -a --export your_key@example.com > RPM-GPG-KEY-example

To import the key to the rpm database:

$ su -c 'rpm --import RPM-GPG-KEY-example'

To verify a package you have signed:

$ rpm -K /path/to/some.rpm
/path/to/some.rpm: (sha1) dsa sha1 md5 gpg OK

To sign a package when building it:

$ rpmbuild -ba --sign some.spec

That should be all you need.

After a quick google, I also turned up this howto:

http://fedoranews.org/tchung/gpg/

It lists the steps pretty much as I have listed them above, often with
a little more detail.  Perhaps you'll find it helpful.  [Two things
you can ignore about it are the '%_signature gpg' part in ~/.rpmmacros
and the use of --resign, as that option is the same as --addsign these
days.]

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Common sense is genius dressed in its working clothes.
    -- Ralph Waldo Emerson
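
The steps above, collected into one POSIX shell script. This is an added
example, not code from Todd's post or from the rpm project. The key name,
the file paths and the status words printed by rpm_sig_status are
placeholders chosen here, and the sign_and_verify function needs gpg, rpm
and an already generated key to do anything. The part worth having even
without rpm installed is the check on `rpm -K` output: rpm prints checks
that passed in lower case and checks that failed in UPPER CASE, and a
package with no signature at all still gets "sha1 md5 OK" (or "digests OK"
on newer rpm) with exit status 0 as long as its digests verify, so a
wrapper that only looks at the exit status will happily accept unsigned
packages. The function below insists on a signature token before it says
"signed-ok". Two caveats for current systems, not from the post: on rpm
4.14 and later `rpm --addsign` is provided by the separate rpm-sign
package (`rpmsign --addsign`), and `rpmbuild --sign` has been removed, so
packages are signed after the build.

```shell
#!/bin/sh
# Added example (not from the original post): wrappers for the signing and
# verification steps, plus a strict parser for `rpm -K` output.
# Assumptions: key id, paths and status words are placeholders; gpg and rpm
# must be installed for sign_and_verify to run.

# Tell rpm which key to sign with by writing %_gpg_name to ~/.rpmmacros
# (or to the file given as second argument). An existing %_gpg_name line
# is replaced rather than duplicated, since rpm would use whichever
# definition comes last and the file gets confusing fast.
configure_signing_key() {
    key="$1"
    macros="${2:-$HOME/.rpmmacros}"
    if [ -f "$macros" ]; then
        grep -v '^%_gpg_name' "$macros" > "$macros.tmp" || true
        mv "$macros.tmp" "$macros"
    fi
    printf '%%_gpg_name %s\n' "$key" >> "$macros"
}

# Classify one non-verbose line of `rpm -K` output.
# Prints one of: signed-ok, unsigned, nokey, bad, unknown.
# Returns 0 only for signed-ok, so it can gate a deployment step.
# Sample lines it understands (formats of rpm 4.x, old and new):
#   some.rpm: (sha1) dsa sha1 md5 gpg OK                     -> signed-ok
#   some.rpm: digests signatures OK                          -> signed-ok
#   some.rpm: sha1 md5 OK                                    -> unsigned
#   some.rpm: ... (GPG) NOT OK (MISSING KEYS: GPG#beaf0ce3)  -> nokey
#   some.rpm: digests SIGNATURES NOT OK                      -> bad
rpm_sig_status() {
    line="$1"
    case "$line" in
        *"MISSING KEYS"*|*NOKEY*) echo nokey;   return 1 ;;
        *"NOT OK"*)               echo bad;     return 1 ;;
        *" OK") ;;
        *)                        echo unknown; return 1 ;;
    esac
    # Digests alone are not enough: require a lower-case signature token.
    case "$line" in
        *" gpg "*|*" pgp "*|*" signatures "*) echo signed-ok; return 0 ;;
        *)                                    echo unsigned;  return 1 ;;
    esac
}

# Sign a package, export the public key, import it into the rpm database
# (as root) and verify. Needs gpg, rpm and a key made with `gpg --gen-key`.
#   sign_and_verify your_key@example.com /path/to/some.rpm
sign_and_verify() {
    key="$1"
    pkg="$2"
    keyfile="${3:-RPM-GPG-KEY-example}"
    configure_signing_key "$key"
    rpm --addsign "$pkg"
    gpg -a --export "$key" > "$keyfile"
    su -c "rpm --import '$keyfile'"
    rpm_sig_status "$(rpm -K "$pkg")"
}
```

Run `. ./sign-rpm.sh` (or whatever the file is called) and then
`sign_and_verify your_key@example.com some.rpm`; the last line printed is
the classification, and the shell's `$?` is 0 only when the package
carries a signature that verifies against an imported key.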
