Line 7: |
Line 7: |
| In this HOWTO, I'll cover how to generate your own gpg key pair and sign your custom RPM package with that key. | | In this HOWTO, I'll cover how to generate your own gpg key pair and sign your custom RPM package with that key. |
| | | |
| + | * Create the gnupg folder |
| + | [root@sme8rpm ]# cd ~ |
| + | [root@sme8rpm ]# mkdir .gnupg |
| | | |
| | | |
| * Generate gpg key pair (public key and private key) | | * Generate gpg key pair (public key and private key) |
| | | |
− | [root@sme8rpm SPECS]# gpg --gen-key | + | [root@sme8rpm ]# gpg --gen-key |
| gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc. | | gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc. |
| This program comes with ABSOLUTELY NO WARRANTY. | | This program comes with ABSOLUTELY NO WARRANTY. |
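Review bot: The added `mkdir .gnupg` step creates the directory with the default umask, so under root's usual 022 it ends up readable by group and others, and gpg warns about unsafe permissions on the homedir. Since this directory will hold the private signing key, create it with `mkdir -m 700 ~/.gnupg` or follow the step with `chmod 700 ~/.gnupg`. The new prompt `[root@sme8rpm ]#` also carries a stray space that the prompts further down the revision do not have.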
Line 74: |
Line 77: |
| * Now that you've generated gpg keys, you can see the list in your key ring by typing : | | * Now that you've generated gpg keys, you can see the list in your key ring by typing : |
| | | |
− | [root@sme8rpm SPECS]# gpg --list-keys | + | [root@sme8rpm]# gpg --list-keys |
− | /root/.gnupg/pubring.gpg | + | |
− | ------------------------------- | + | /root/.gnupg/pubring.gpg |
− | pub 1024D/23A254D4 2005-01-06 Foo <foo@foo.com> | + | ------------------------------- |
− | sub 1024g/D08816E2 2005-01-06 | + | pub 1024D/23A254D4 2005-01-06 Foo <foo@foo.com> |
| + | sub 1024g/D08816E2 2005-01-06 |
| | | |
| * To extract or export your public key from your key ring to a text file. | | * To extract or export your public key from your key ring to a text file. |
− | [root@sme8rpm SPECS]# gpg --export -a 'Foo' > RPM-GPG-KEY | + | [root@sme8rpm]# gpg --export -a 'Foo' > RPM-GPG-KEY |
| | | |
− | This file is necessary to import it to your RPM DB and verify a package with gpg key later on. If you're planning to share your custom built RPM packages with others, make sure to have your public key file available online in public so they can verify your custom RPM package. see [[http://wiki.contribs.org/Stephdl Stephdl repository]] for an example on how declare the pgp signature to the repository. | + | This file is necessary to import it to your RPM DB and verify a package with gpg key later on. If you're planning to share your custom built RPM packages with others, make sure to have your public key file available online in public (in the web folder of your repository) so they can verify your custom RPM package. see [[http://wiki.contribs.org/Stephdl Stephdl repository]] for an example on how declare the pgp signature to the repository. |
| | | |
| * To import your public key to your RPM DB | | * To import your public key to your RPM DB |
− | [root@sme8rpm SPECS]# rpm --import RPM-GPG-KEY | + | [root@sme8rpm]# rpm --import RPM-GPG-KEY |
| Password: | | Password: |
| | | |
| * Let's verify the list of gpg public keys in RPM DB: | | * Let's verify the list of gpg public keys in RPM DB: |
− | [root@sme8rpm SPECS]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n' | + | [root@sme8rpm]# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n' |
| | | |
| * Final step before the signing, configure your ~/.rpmmacros file to include the following: | | * Final step before the signing, configure your ~/.rpmmacros file to include the following: |
− | nano ~/.rpmmacros | + | root@sme8rpm]# nano ~/.rpmmacros |
| | | |
| %_signature gpg | | %_signature gpg |
− | %_gpg_path /root/.gnupg | + | %_gpg_path /home/youruser/.gnupg |
| %_gpg_name Foo | | %_gpg_name Foo |
| %_gpgbin /usr/bin/gpg | | %_gpgbin /usr/bin/gpg |
| | | |
− | * Now, you're ready to sign your custom RPM package | + | * Now, you're ready to sign your custom RPM package (with el7 you must now install rpm-sign) |
| | | |
− | rpmbuild -ba --sign smeserver-roundcube.spec | + | root@sme8rpm]# rpmbuild -ba --sign smeserver-roundcube.spec |
| or | | or |
− | rpm --addsign smeserver-roundcube-0.9-15.src.rpm | + | root@sme8rpm]# rpm --addsign smeserver-roundcube-0.9-15.rpm |
| + | or |
| + | root@sme8rpm]# rpm --resign smeserver-roundcube-0.9-15.rpm |
| | | |
| to verify if all is ok | | to verify if all is ok |
| | | |
− | rpm --checksig ../SRPMS/smeserver-roundcube-0.9-15.src.rpm | + | root@sme8rpm]# rpm --checksig smeserver-roundcube-0.9-15.rpm |
| smeserver-roundcube-0.9-15.src.rpm: (sha1) dsa sha1 md5 gpg OK | | smeserver-roundcube-0.9-15.src.rpm: (sha1) dsa sha1 md5 gpg OK |
| | | |
− | [[Category:Howto]]
| + | |
| [[Category:SME Server Development Framework]] | | [[Category:SME Server Development Framework]] |
| [[Category:Development Tools]] | | [[Category:Development Tools]] |
| [[Category:SME9-Development]] | | [[Category:SME9-Development]] |
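Review bot: The `~/.rpmmacros` block now sets `%_gpg_path /home/youruser/.gnupg`, but every command in this revision runs at a root prompt, the new first step creates `.gnupg` in root's home, and the `gpg --list-keys` output shows the keyring at `/root/.gnupg/pubring.gpg`, so as written rpm would be pointed at a keyring the HOWTO never populates. Either keep `/root/.gnupg` here or convert the whole procedure (prompts, key generation, macros) to an unprivileged build user and say that `youruser` is a placeholder to replace. Two smaller points in the same hunk: the prompts added on the `nano`, `rpmbuild`, `rpm --addsign`, `rpm --resign` and `rpm --checksig` lines read `root@sme8rpm]#` without the opening `[`, and the `--checksig` command now names `smeserver-roundcube-0.9-15.rpm` while the sample output beneath it still reports `smeserver-roundcube-0.9-15.src.rpm`.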