GPG Sign RPMs
As I build a 'fair' amount of RPMs which are available to other people, I was thinking: how does one actually sign RPMs with a GPG key?
Well here is what I did to get it working:
# gpg --gen-key
.....
Real name: <your name>
Email address: <your email>
Comment: rpm build
......
Remember the passphrase, as you will need to use it when you sign an rpm.
As I build RPMs on multiple PCs, I import this key to all the PCs / users on these PCs.
First export the key:
# (gpg --export-secret-key KEY; gpg --export KEY) > my-key-for-rpms.asc
KEY can be found with: gpg --list-keys
This key can be imported with gpg --import <keyfile>
Now you have to modify your $HOME/.rpmmacros, add:
%_gpg_name <information>
%_signature gpg
When you do a gpg --list-keys you will see:
pub xxxxx/yyyyyyyyyy <date> <information>
It's the <information> you have to add to your .rpmmacros.
Now you should be able to sign rpms with either rpm or rpmbuild:
# rpm --addsign <rpm-file>
# rpmbuild --sign -ba <spec.file>
You can see the signature with:
# rpm --checksig <rpm-file>
It should show something like: <rpm-file> (sha1) dsa sha1 md5 gpg OK
Now you're done..... Have fun.
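An added example, not part of the original post: rpm --checksig also ends in OK for a package that carries only digests and no signature, so it is the word gpg in the output that shows the package was signed. The shell functions below (their names are made up for this example) classify checksig output lines; the sample lines are constructed in the format shown above.

```shell
#!/bin/sh
# Added example: classify lines of `rpm --checksig` output.
# Function names and sample lines are constructed for illustration.

# classify_checksig LINE -> prints signed-ok, unsigned or bad
classify_checksig() {
    line=$1
    # Drop the "<rpm-file>: " prefix when present; keep the checks and verdict.
    result=${line#*: }
    case "$result" in
        *"NOT OK"*) echo bad ;;            # a digest or signature failed
        *OK)
            case " $result " in
                # "gpg"/"pgp" is the classic format shown above; newer rpm
                # releases print "digests signatures OK" instead.
                *" gpg "*|*" pgp "*|*" signatures "*) echo signed-ok ;;
                # Digests verified, but no signature is present at all.
                *) echo unsigned ;;
            esac ;;
        *) echo bad ;;                     # unrecognised line: do not trust it
    esac
}

# audit_checksig: read checksig lines on stdin, print one verdict per
# package, and return non-zero unless every package is signed and OK.
audit_checksig() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_checksig "$line")
        printf '%-10s %s\n' "$verdict" "${line%%:*}"
        [ "$verdict" = signed-ok ] || rc=1
    done
    return $rc
}

# Constructed sample output: one signed, one unsigned, one failing package.
audit_checksig <<'EOF' || echo "at least one package is not signed and OK"
signed-1.0-1.noarch.rpm: (sha1) dsa sha1 md5 gpg OK
unsigned-1.0-1.noarch.rpm: sha1 md5 OK
tampered-1.0-1.noarch.rpm: (sha1) dsa sha1 MD5 GPG NOT OK
EOF
```

On a real system, feed it with: rpm --checksig *.rpm | audit_checksig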