Latest revision as of 16:29, 24 May 2008
 Appendix H
 Signing RPM files
Up2date will complain about installing RPM files that are not signed. We highly encourage you to GPG-sign all RPM files that you build. You will need to create a GPG key, and include the public key on your discs (you may also want to add it to the splittree.py.patch, with the RPM-GPG-KEY-fedora).
We highly recommend that you create your key with the same user that you used to set up your RPM build area.
Create a GPG key
I usually accept the default answers, but you may want to set the key to expire or use a different keysize. It also asks for your real name, email address and comment. For this document, I used:
Real name: Testing
Email address: email@example.com
Comment: Test
It then asks for a passphrase that will be required when signing RPMs. Put in a passphrase that you will remember. It will store the public/private keys in ~/.gnupg/. You will need to add this information into your
%_signature gpg
%_gpg_name Testing (Test) firstname.lastname@example.org
%_gpgbin /usr/bin/gpg
%_gpg_path ~/.gnupg
Now, when you create your RPM files, use the --sign option to rpmbuild:
rpmbuild -ba --sign anaconda.spec
It will ask for the passphrase, and if you enter it correctly, it will build the RPM files and sign them.
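To confirm that every package really carries a signature before it goes onto the discs, the output of `rpm --checksig` can be audited. The script below is an added example, not part of the original page; the function names are hypothetical and the sample lines (package names, key ID) are constructed to mirror the older and newer `rpm --checksig` output formats.

```shell
#!/bin/sh
# Added example: audit `rpm --checksig` output for unsigned packages.
# Real use: rpm --checksig RPMS/*/*.rpm | audit_checksig
# (import your public key first with `rpm --import /path/to/public-key`,
# otherwise signed packages are reported NOT OK because the key is missing).

# Reads checksig lines on stdin, prints "<STATUS> <package>" for each,
# and returns 1 if any package is not SIGNED.
audit_checksig() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        pkg=${line%%:*}                     # text before the first colon
        result=$(printf '%s' "${line#*:}" | tr '[:upper:]' '[:lower:]')
        case "$result" in
            *"not ok"*) status=BAD ;;       # bad signature or missing key
            *gpg*|*pgp*|*dsa*|*rsa*|*signatures*) status=SIGNED ;;
            *) status=UNSIGNED ;;           # digests only, no signature
        esac
        [ "$status" = SIGNED ] || rc=1
        printf '%s %s\n' "$status" "$pkg"
    done
    return "$rc"
}

# Constructed sample output (package names and key ID are made up).
sample_checksig() {
    cat <<'EOF'
signed-old-1.0-1.noarch.rpm: (sha1) dsa sha1 md5 gpg OK
unsigned-1.0-1.noarch.rpm: sha1 md5 OK
nokey-1.0-1.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
signed-new-1.0-1.noarch.rpm: digests signatures OK
EOF
}

sample_checksig | audit_checksig || echo "some packages are not verifiably signed"
```

Run against a build tree, a non-zero exit status means at least one package would trigger the unsigned-package complaint described at the top of this appendix.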