Steps for GPG Signing custom built RPMs

Post by warron.french » 2019/08/31 04:35:48

I found a pretty good reference on how to GPG Sign an RPM at https://access.redhat.com/articles/3359321

I have gotten tripped up on the documentation just a little bit, specifically in the section that looks like this:

Code:

[root@localhost ~]# vi .rpmmacros 

[root@localhost ~]# rpm --addsign test-1-0.x86_64.rpm 
Enter pass phrase: 
Pass phrase is good.
test-1-0.x86_64.rpm:
[root@localhost ~]# rpm --checksig test-1-0.x86_64.rpm 
test-1-0.x86_64.rpm: rsa sha1 (md5) pgp md5 OK

[root@localhost ~]# vi .rpmmacros 

[root@localhost ~]# cat .rpmmacros 
%_signature gpg
%_gpg_path /root/.gnupg
%_gpg_name Package Manager
%_gpgbin /usr/bin/gpg2
%__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --batch --verbose --no-armor --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename}'

Why am I executing 'vi .rpmmacros' and without any specific instruction for what to edit or add before I close the file? Is the second vi edit session where I can view the content (looking at the result of cat)?

Also, if all I really need to do is inject the details of the cat-output into my own ~/.rpmmacros file, is the line

Code:

%_gpgbin /usr/bin/gpg2

correct? Considering the command I used to create the key was actually gpg, without the extra '2'?
Thanks,
War

Post by aks » 2019/09/01 18:20:41

> Why am I executing 'vi .rpmmacros' and without any specific instruction for what to edit or add before I close the file? Is the second vi edit session where I can view the content (looking at the result of cat)?

Yeah it's a bit confusing - just make sure you have the %_ stanzas like in the cat output. They are the important bits.

> correct? Considering the command I used to create the key was actually gpg, without the extra '2'?

Correct. You'll see that gpg is actually a sym/hard link to gpg2.
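
An added example, not part of the thread or the Red Hat article: a shell check that an rpmmacros file defines the four %_ macros from the cat output above and that %_gpgbin and %_gpg_path point at something real, plus a test for whether two paths (such as gpg and gpg2) are the same file. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: lint the signing macros before running `rpm --addsign`.
# Function names are hypothetical; macro names are those shown in the thread.

# Print the value of macro $2 as defined in file $1 (empty if undefined).
macro_value() {
    awk -v m="$2" '$1 == m && NF > 1 {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }' "$1"
}

# Succeed if both paths name the same file (via a symlink or a hard link).
same_binary() {
    [ "$1" -ef "$2" ]
}

# Check file $1 (default ~/.rpmmacros); print findings, return the problem count.
check_rpmmacros() {
    file=${1:-$HOME/.rpmmacros}
    problems=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    for m in %_signature %_gpg_path %_gpg_name %_gpgbin; do
        if [ -z "$(macro_value "$file" "$m")" ]; then
            echo "missing: $m"
            problems=$((problems + 1))
        fi
    done
    # The binary rpm will exec for signing must exist and be executable.
    bin=$(macro_value "$file" %_gpgbin)
    if [ -n "$bin" ] && [ ! -x "$bin" ]; then
        echo "%_gpgbin is not executable: $bin"
        problems=$((problems + 1))
    fi
    # The keyring directory holding the signing key must exist.
    dir=$(macro_value "$file" %_gpg_path)
    if [ -n "$dir" ] && [ ! -d "$dir" ]; then
        echo "%_gpg_path is not a directory: $dir"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

After sourcing the file, `check_rpmmacros` with no argument checks ~/.rpmmacros, and `same_binary /usr/bin/gpg /usr/bin/gpg2 && echo same` answers the gpg versus gpg2 question on the machine at hand.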

Post by warron.french » 2019/09/01 18:38:29

Awesome! Thanks aks.
Thanks,
War

Return to “CentOS 7 - Software Support”