bst2002git · June 14, 2021 12:14 · Nov 22, 2011 · Nov 18, 2011 · Nov 18, 2011
diff --git a/rpm-digital-signature.sh b/rpm-digital-signature.sh
@@ -78,7 +78,7 @@ rpm --addsign *.rpm
 # Watch for 'gpg OK' as in this example:
 # git-1.7.7.3-1.el6.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
 
-rpm --checksig (sha1) dsa sha1 md5 gpg OK
+rpm --checksig git-1.7.7.3-1.el6.x86_64.rpm
 
 # Tip!
 # Sign package during build

diff --git a/RPM Digital Signature → rpm-digital-signature.sh b/RPM Digital Signature → rpm-digital-signature.sh
diff --git a/RPM Digital Signature b/RPM Digital Signature
@@ -0,0 +1,88 @@
+# How to sign your custom RPM package with GPG key
+
+# Step: 1
+# Generate gpg key pair (public key and private key)
+#
+# You will be prompted with a series of questions about encryption.
+# Simply select the default values presented. You will also be asked
+# to create a Real Name, Email Address and Comment (comment optional).
+# 
+# If you get the following response:
+# -----------------------------------------------------------------------
+# We need to generate a lot of random bytes. It is a good idea to perform
+# some other action (type on the keyboard, move the mouse, utilize the
+# disks) during the prime generation; this gives the random number
+# generator a better chance to gain enough entropy.
+# -----------------------------------------------------------------------
+# Open up a separate terminal, ssh into your server and run this command:
+# ls -R /
+
+gpg --gen-key
+
+# Step: 2
+# Verify your gpg keys were created
+
+gpg --list-keys
+
+# Step: 3
+# Export your public key from your key ring to a text file.
+#
+# You will use the information for Real Name and Email you used to
+# create your key. I used Fernando Aleman and [email protected]
+
+gpg --export -a 'Fernando Aleman' > RPM-GPG-KEY-faleman
+
+# Step: 4
+# Import your public key to your RPM DB
+#
+# If you plan to share your custom built RPM packages with others, make sure
+# to have your public key file available online so others can verify RPMs
+
+sudo rpm --import RPM-GPG-KEY-faleman
+
+# Step: 5
+# Verify the list of gpg public keys in RPM DB
+
+rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
+
+# Step: 6
+# Configure your ~/.rpmmacros file
+#
+# You can use the following command to edit if you are on the server:
+# vi ~/.rpmmacros
+#
+# %_signature => This will always be gpg
+# %_gpg_path  => Enter full path to .gnupg in your home directory
+# %_gpg_name  => Use the Real Name you used to create your key
+# %_gpbin     => run `which gpg` (without ` marks) to get full path 
+
+%_signature gpg
+%_gpg_path /root/.gnupg
+%_gpg_name Fernando Aleman
+%_gpgbin /usr/bin/gpg
+
+# Step: 7
+# Sign your custom RPM package
+#
+# You can sign each RPM file individually:
+
+rpm --addsign git-1.7.7.3-1.el6.x86_64.rpm
+
+# Or you can `cd` into your RPMS folder and sign them all:
+
+rpm --addsign *.rpm
+
+# Step: 8
+# Check the signature to make sure it was signed
+#
+# Watch for 'gpg OK' as in this example:
+# git-1.7.7.3-1.el6.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
+
+rpm --checksig (sha1) dsa sha1 md5 gpg OK
+
+# Tip!
+# Sign package during build
+#
+# To sign a package while it's being built, simply add '--sign'
+
+rpmbuild -ba --sign git.spec