5,576
edits
Changes
From SME Server
Jump to navigationJump to searchno edit summary
In this HOWTO, I'll cover how to generate your own gpg key pair and sign your custom RPM package with that key.
In this HOWTO, I'll cover how to generate your own gpg key pair and sign your custom RPM package with that key.
* Create the gnupg folder
[root@sme8rpm ]# cd ~
[root@sme8rpm ]# mkdir .gnupg
* Generate gpg key pair (public key and private key)
* Generate gpg key pair (public key and private key)
[root@sme8rpm SPECS]# gpg --gen-key
[root@sme8rpm ]# gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This program comes with ABSOLUTELY NO WARRANTY.
* Now that you've generated gpg keys, you can see the list in your key ring by typing :
* Now that you've generated gpg keys, you can see the list in your key ring by typing :
[root@sme8rpm SPECS]# gpg --list-keys
[root@sme8rpm]# gpg --list-keys
/root/.gnupg/pubring.gpg
/root/.gnupg/pubring.gpg
-------------------------------
-------------------------------
* To extract or export your public key from your key ring to a text file.
* To extract or export your public key from your key ring to a text file.
[root@sme8rpm SPECS]# gpg --export -a 'Foo' > RPM-GPG-KEY
[root@sme8rpm]# gpg --export -a 'Foo' > RPM-GPG-KEY
This file is necessary to import it to your RPM DB and verify a package with gpg key later on. If you're planning to share your custom built RPM packages with others, make sure to have your public key file available online in public so they can verify your custom RPM package. see [[http://wiki.contribs.org/Stephdl Stephdl repository]] for an example on how declare the pgp signature to the repository.
This file is necessary to import it to your RPM DB and verify a package with gpg key later on. If you're planning to share your custom built RPM packages with others, make sure to have your public key file available online in public so they can verify your custom RPM package. see [[http://wiki.contribs.org/Stephdl Stephdl repository]] for an example on how declare the pgp signature to the repository.
* To import your public key to your RPM DB
* To import your public key to your RPM DB
[root@sme8rpm SPECS]# rpm --import RPM-GPG-KEY
[root@sme8rpm]# rpm --import RPM-GPG-KEY
Password:
Password:
* Let's verify the list of gpg public keys in RPM DB:
* Let's verify the list of gpg public keys in RPM DB:
[root@sme8rpm SPECS]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
[root@sme8rpm]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
* Final step before the signing, configure your ~/.rpmmacros file to include the following:
* Final step before the signing, configure your ~/.rpmmacros file to include the following:
nano ~/.rpmmacros
root@sme8rpm]# nano ~/.rpmmacros
%_signature gpg
%_signature gpg
* Now, you're ready to sign your custom RPM package
* Now, you're ready to sign your custom RPM package
rpmbuild -ba --sign smeserver-roundcube.spec
root@sme8rpm]# rpmbuild -ba --sign smeserver-roundcube.spec
or
or
rpm --addsign smeserver-roundcube-0.9-15.src.rpm
root@sme8rpm]# rpm --addsign smeserver-roundcube-0.9-15.src.rpm
to verify if all is ok
to verify if all is ok
rpm --checksig ../SRPMS/smeserver-roundcube-0.9-15.src.rpm
root@sme8rpm]# rpm --checksig ../SRPMS/smeserver-roundcube-0.9-15.src.rpm
smeserver-roundcube-0.9-15.src.rpm: (sha1) dsa sha1 md5 gpg OK
smeserver-roundcube-0.9-15.src.rpm: (sha1) dsa sha1 md5 gpg OK
