GPG Sign RPMs

By On 3. December, 2004 · Leave a Comment · In howto

As I build a ‘fair’ amount of RPM’s which are available to other people; I was thinking: how do one actually sign RPM’s with a GPG key.

Well here is what I did to get it working:

# gpg –gen-key

…..

Real name: <your name>

Email adresss: <your email>

Comment: rpm build

……

Remember the passphrase, as you will need to use it with you sign an rpm.

As I build rpm’s on multible PC’s I import this key to all the PC’s / Users on these PC’s

First export the key:

# gpg –export-secret-key KEY; gpg –export KEY) > my-key-for-rpms.asc

KEY can be found with: gpg –list-keys

This key can be imported with gpg –import <keyfile>

Now you have to modify your $HOME/.rpmmacros, add:

%_gpg_name <information>

%_signature gpg

When you do a gpg –list-keys you will see:

pub xxxxx/yyyyyyyyyy <date> <information>

It’s the <information> you have to add to your .rpmmacros.

Now you should be able to sign rpms with either rpm or rpmbuild:

# rpm –addsign <rpm-file>

# rpmbuild –sign -ba <spec.file>

You can see the signature with:

# rpm –checksig <rpm-file>

It should show something like: <rpm-file> (sha1) dsa sha1 md5 gpg OK

Now you’re done….. Have fun.

 
If you enjoyed this article, please consider sharing it!
Reddit Facebook Twitter Delicious Mixx StumbleUpon Digg

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security text shown in the picture. Click here to regenerate some new text.
Click to hear an audio file of the anti-spam word

Set your Twitter account name in your settings to use the TwitterBar Section.