Signing RPMs

Dominic made a good point on Friday - we should start signing the RPMs
that are on yum.theforeman.org.

Jason, what's the best way to get this process rolling? Should I submit
a PR to the rpm repo with the changes to the spec files and then get you
the private key?

-S

There is nothing to be changed in the spec file if you want to sign an RPM package.

You just put the name of your GPG key into ~/.rpmmacros

%_gpg_name Katello

and run

rpmsign --addsign *.rpm

And that's it.

Of course you want to put your public key on some public web page and make
sure that you are not the only holder of the private key (just in
case a truck hits you the next day).

> On 11/12/2012 04:19 PM, Sam Kottler wrote:
> > Should I submit a PR to the rpm repo with the changes to the spec files
> > and then get you the private key?


Miroslav Suchy
Red Hat Systems Management Engineering
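The macro-and-rpmsign procedure Miroslav describes, as an added shell example that is not part of this thread: it writes the %_gpg_name macro into ~/.rpmmacros, signs every RPM in a directory, checks with rpm -Kv that each package now carries a signature that verifies, and exports the public key so it can be published next to the repository. The key name "Katello" comes from the thread; the script name, the directory path and the RPM-GPG-KEY file name are assumptions, and verification assumes the public key has been imported into the RPM database with rpm --import.

```shell
#!/bin/sh
# Added example (not from the thread): sign a directory of RPMs with a named
# GPG key, verify the signatures afterwards, and export the public key for
# publishing. Assumes rpm, rpmsign and gpg are installed and that a key named
# "Katello" (the name used in the thread) is in the signer's keyring.
set -eu

# Put the signing key name into ~/.rpmmacros (or the file given as $2),
# replacing any earlier %_gpg_name line; prints the resulting macro line.
write_rpmmacros() {
    key_name="$1"
    macros="${2:-$HOME/.rpmmacros}"
    if [ -f "$macros" ]; then
        grep -v '^%_gpg_name ' "$macros" > "$macros.tmp" || true
        mv "$macros.tmp" "$macros"
    fi
    printf '%%_gpg_name %s\n' "$key_name" >> "$macros"
    grep '^%_gpg_name ' "$macros"
}

# Add a signature to every RPM in a directory (same as: rpmsign --addsign *.rpm).
sign_rpms() {
    rpmsign --addsign "$1"/*.rpm
}

# Verify each RPM: require a "Signature, key ID ...: OK" line from rpm -Kv and
# no NOT OK / NOKEY line. An unsigned package only reports digests, so it
# fails; a package signed with a key rpm does not know reports NOKEY and fails.
verify_rpms() {
    rc=0
    for f in "$1"/*.rpm; do
        out=$(rpm -Kv "$f" 2>&1) || true
        if printf '%s\n' "$out" | grep -q 'Signature, key ID .*: OK$' \
           && ! printf '%s\n' "$out" | grep -qiE 'NOT OK|NOKEY'; then
            echo "signed: $f"
        else
            echo "not verified: $f" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Export the ASCII-armoured public key for publishing next to the repository;
# consumers import it with: rpm --import RPM-GPG-KEY-<name>
export_pubkey() {
    gpg --armor --export "$1" > "$2"
}

# Usage: sh sign-rpms.sh Katello /srv/yum/el6   (script name and path are hypothetical)
if [ "$#" -eq 2 ]; then
    write_rpmmacros "$1"
    export_pubkey "$1" "$2/RPM-GPG-KEY-$1"
    sign_rpms "$2"
    # verify_rpms needs the public key in the RPM database (rpm --import, as root)
    verify_rpms "$2"
fi
```

The verification step is the part worth keeping in a release job: rpmsign exits successfully whether or not the key it used is the one you publish, so checking each package against the imported public key catches a wrong %_gpg_name before the packages reach the repository.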

I know that you can define it in the macro file, but I think a few of
us have more than one different key that we sign packages with, so it's
easiest to put it there. Anyhow, that's somewhat tangential to the
real issue at hand; let's get the RPMs signed :-)

-S

> On Mon 12 Nov 2012 11:54:40 AM EST, Miroslav Suchý wrote:

Sorry, "there" = in the spec.

> On Mon 12 Nov 2012 11:57:04 AM EST, Sam Kottler wrote:

But if you put it in the spec, it will not be used anyway.
And yes, I just tried it.

I'm not against signing. I'm 100% for signing. I'm just saying there is
nothing to do in the spec file.

> On 11/12/2012 05:57 PM, Sam Kottler wrote:


Miroslav Suchy
Red Hat Systems Management Engineering

Ha, you're right - guess I haven't signed RPMs in a while :-)

-S

> On Mon 12 Nov 2012 12:05:13 PM EST, Miroslav Suchý wrote: