On 01/20/2016 01:37 AM, Alice Wonder wrote:
I'm trying to find where / how to use sha256 when I sign packages
but I
am not having much luck. Closest I have found is this :
https://fedoraproject.org/wiki/RPM_file_format_changes_to_support_SHA-256
This thread has been a whole bunch of confusion. What you're trying to
do requires that you add one line to your .rpmmacros file:
%_gpg_digest_algo sha256
The _binary_filedigest_algorithm and _source_filedigest_algorithm don't
affect the signature, they affect the file digest. That is, they set
the checksum by which files will be verified by rpm -V. You can see the
digest of each file using "rpm -qp --dump".
I'm still not getting it to work - I am trying outside of mock.
As far as I know, mock doesn't sign packages, so you don't need to
change your mock configuration at all.
Before just _signature_gpg and _gpg_name were defined
Because I'm curious, I checked.... Only _gpg_name and _gpg_digest_algo
need to be set. "%_signature gpg" is either the default, or it's
unused. I'm not sure which.
I am wondering if my issue is related to my gpg configuration but I
don't even know where the hell the user specific configuration is kept
now.
I think it's normally created when you create your keys, but it doesn't
seem to be needed.
No idea if the gpg configuration could be the issue, and the gpg2 man
page doesn't seem to indicate where the configuration file is kept now.
Yes, it does. The file is gpg.conf in --homedir (which defaults to
~/.gnupg).
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
