Steps for GPG Signing custom built RPMs
Posted: 2019/08/31 04:35:48
I found a pretty good reference on how to GPG Sign an RPM at https://access.redhat.com/articles/3359321
I have gotten tripped up on the documentation just a little bit, specifically in the section that looks like this:
Code:
[root@localhost ~]# vi .rpmmacros
[root@localhost ~]# rpm --addsign test-1-0.x86_64.rpm
Enter pass phrase:
Pass phrase is good.
test-1-0.x86_64.rpm:
[root@localhost ~]# rpm --checksig test-1-0.x86_64.rpm
test-1-0.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
[root@localhost ~]# vi .rpmmacros
[root@localhost ~]# cat .rpmmacros
%_signature gpg
%_gpg_path /root/.gnupg
%_gpg_name Package Manager
%_gpgbin /usr/bin/gpg2
%__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --batch --verbose --no-armor --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename}'
Why am I executing 'vi .rpmmacros' and without any specific instruction for what to edit or add before I close the file? Is the second vi edit session where I can view the content (looking at the result of cat)?
Also, if all I really need to do is inject the details of the cat-output into my own ~/.rpmmacros file, is the line
Code:
%_gpgbin /usr/bin/gpg2
correct? Considering the command I used to create the key was actually gpg, without the extra '2'?
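An added example, not part of the original post or the Red Hat article: a small shell check that reads a macros file and confirms the signing macros from the cat output above are set and that %_gpgbin names a binary that exists on the machine. The function names macro_value and check_rpmmacros are hypothetical, and treating all four macros as required is an assumption of this example.

```shell
#!/bin/sh
# Added example: sanity-check the signing macros in an rpm macros file
# before running "rpm --addsign". Function names are hypothetical.

# macro_value FILE NAME: print the value of the "%NAME value" line, if any.
macro_value() {
    awk -v name="%$2" '$1 == name { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# check_rpmmacros FILE: return 0 when the macros listed in the post's
# cat output are present and %_gpgbin points at an executable file.
# Assumption of this example: all four macros are treated as required.
check_rpmmacros() {
    file=$1
    status=0
    for m in _signature _gpg_path _gpg_name _gpgbin; do
        if [ -z "$(macro_value "$file" "$m")" ]; then
            echo "missing: %$m"
            status=1
        fi
    done
    bin=$(macro_value "$file" _gpgbin)
    if [ -n "$bin" ] && [ ! -x "$bin" ]; then
        echo "%_gpgbin is set to $bin, which is not an executable on this system"
        status=1
    fi
    return $status
}

# Stand-alone use: sh check_rpmmacros.sh ~/.rpmmacros
if [ -n "${1:-}" ]; then
    check_rpmmacros "$1"
fi
```

Running `command -v gpg gpg2` next to this shows which of the two names are installed, which is the path to compare against the %_gpgbin line.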