Changes

Changes

From SME Server

Jump to navigation Jump to search

← Older edit

Sign your RPM (view source)

Revision as of 11:56, 20 February 2016

233 bytes added , 11:56, 20 February 2016

no edit summary

Line 7: Line 7:

In this HOWTO, I'll cover how to generate your own gpg key pair and sign your custom RPM package with that key.

* Create the gnupg folder

[root@sme8rpm ]# cd ~

[root@sme8rpm ]# mkdir .gnupg

* Generate gpg key pair (public key and private key)

−

[root@sme8rpm ~~SPECS~~]# gpg --gen-key

[root@sme8rpm ]# gpg --gen-key

This program comes with ABSOLUTELY NO WARRANTY.

Line 74: Line 77:

* Now that you've generated gpg keys, you can see the list in your key ring by typing :

−

[root@sme8rpm ~~SPECS~~]# gpg --list-keys

[root@sme8rpm]# gpg --list-keys

−

/root/.gnupg/pubring.gpg

−

-------------------------------

/root/.gnupg/pubring.gpg

−

pub 1024D/23A254D4 2005-01-06 Foo <foo@foo.com>

-------------------------------

−

sub 1024g/D08816E2 2005-01-06

pub 1024D/23A254D4 2005-01-06 Foo <foo@foo.com>

sub 1024g/D08816E2 2005-01-06

* To extract or export your public key from your key ring to a text file.

−

[root@sme8rpm ~~SPECS~~]# gpg --export -a 'Foo' > RPM-GPG-KEY

[root@sme8rpm]# gpg --export -a 'Foo' > RPM-GPG-KEY

−

This file is necessary to import it to your RPM DB and verify a package with gpg key later on. If you're planning to share your custom built RPM packages with others, make sure to have your public key file available online in public so they can verify your custom RPM package. see [[http://wiki.contribs.org/Stephdl Stephdl repository]] for an example on how declare the pgp signature to the repository.

This file is necessary to import it to your RPM DB and verify a package with gpg key later on. If you're planning to share your custom built RPM packages with others, make sure to have your public key file available online in public (in the web folder of your repository) so they can verify your custom RPM package. see [[http://wiki.contribs.org/Stephdl Stephdl repository]] for an example on how declare the pgp signature to the repository.

* To import your public key to your RPM DB

−

[root@sme8rpm ~~SPECS~~]# rpm --import RPM-GPG-KEY

[root@sme8rpm]# rpm --import RPM-GPG-KEY

Password:

* Let's verify the list of gpg public keys in RPM DB:

−

[root@sme8rpm ~~SPECS~~]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

[root@sme8rpm]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

* Final step before the signing, configure your ~/.rpmmacros file to include the following:

−

nano ~/.rpmmacros

root@sme8rpm]# nano ~/.rpmmacros

%_signature gpg

−

%_gpg_path /~~root~~/.gnupg

%_gpg_path /home/youruser/.gnupg

%_gpg_name Foo

%_gpgbin /usr/bin/gpg

−

* Now, you're ready to sign your custom RPM package

* Now, you're ready to sign your custom RPM package (with el7 you must now install rpm-sign)

−

rpmbuild -ba --sign smeserver-roundcube.spec

root@sme8rpm]# rpmbuild -ba --sign smeserver-roundcube.spec

−

rpm --addsign smeserver-roundcube-0.9-15.~~src~~.rpm

root@sme8rpm]# rpm --addsign smeserver-roundcube-0.9-15.rpm

root@sme8rpm]# rpm --resign smeserver-roundcube-0.9-15.rpm

to verify if all is ok

−

rpm --checksig ~~../SRPMS/~~smeserver-roundcube-0.9-15~~.src~~.rpm

root@sme8rpm]# rpm --checksig smeserver-roundcube-0.9-15.rpm

smeserver-roundcube-0.9-15.src.rpm: (sha1) dsa sha1 md5 gpg OK

−

~~[[Category:Howto]]~~

[[Category:SME Server Development Framework]]

[[Category:Development Tools]]

[[Category:SME9-Development]]

Stephdl

Administrators

5,576

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/22030...30452"

Sign your RPM (view source)

Revision as of 11:56, 20 February 2016

Navigation menu

Page actions

Page actions

Personal tools

Koozali SME Server

Recent activities

Koozali resources

Koozali SME Server wiki

Tools

Search