[Pulp-list] Using --gpg-key in pulp-admin rpm repo create command
Jay Dobies
jason.dobies at redhat.com
Thu Apr 25 12:29:50 UTC 2013
On 04/25/2013 01:24 AM, Shaymardanov Rushan wrote:
> We are trying to use pulp to upload and publish our application packed
> to RPM using maven rpm plugin. I don't understand how to use --gpg-key
> option in rpm repo create command.
> Does it signs packages uploaded to repository using this key?
> Is it possible to download public part of key using published
> repository or I should publish it somewhere else?
>
> I've created repository and provided gpg secret key as argument to
> this option. Then I uploaded RPM package using rpm repo uploads rpm
> command. But when I trying to install this package, I get "package not
> signed" error from yum.
>
> Note that I don't (and don't want) to use pulp consumer on target
> server, I just want to install packages using HTTP.
>
> What is the right way to sign rpm packages uploaded to pulp repository
> and publish public key for yum can check sign?
The signing happens before the package is uploaded to Pulp. That GPG key
option is for consumers bound to the repo. Pulp will make that key
available to the consumers so that when it goes to use the Pulp repo, it
can verify the GPG signatures of the RPMs it's installing.
>
> Rushan Shaymardanov
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
--
Jay Dobies
Freenode: jdob @ #pulp
http://pulpproject.org
More information about the Pulp-list
mailing list