Hi, I am trying to pakage oclock for Fedora. According to the packaging guidelines I need to have a gpg key. https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification So, the package itself comes with a oclock-1.0.4.tar.gz.sig (from upstream). How do I use this? I tried the following in my spec file: Source0: https://www.x.org/pub/individual/app/%{name}-%{version}.tar.gz Source1: %{source0}.sig %prep %{gpgverify} --signature='%{SOURCE1}' %autosetup Of course, this did not work. $ rpmbuild -ba oclock.spec setting SOURCE_DATE_EPOCH=1637280000 Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.WWxhBy + umask 022 + cd /home/maitra/rpmbuild/BUILD + /usr/lib/rpm/redhat/gpgverify '--signature=/home/maitra/rpmbuild/SOURCES/%{source0}.sig' gpgverify: No keyring was provided. error: Bad exit status from /var/tmp/rpm-tmp.WWxhBy (%prep) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.WWxhBy (%prep) My apologies, this is the first time I have had any use for a .sig file, and have very little idea of what to do with it. Thanks for any help! _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
