In regard to: Signing RPM packages, Keith Roberts said (at 8:52pm on Mar...:
I'm building my own RPM's for Centos 5.5, and also sign them with my private
GPG key.
Here's a part of a simple 'package test' preamble;
Name : joe Relocations: (not relocatable)
Version : 2.9.8 Vendor: White Socks Software
Release : 4 Build Date: Fri 18 Mar 2011 15:37:03 GMT
Install Date: (not installed) Build Host: karsites
Group : Applications/Editors Source RPM: joe-2.9.8-4.src.rpm
Size : 305627 License: GPL
Signature : DSA/SHA1, Fri 18 Mar 2011 15:37:04 GMT, Key ID 92866c1f1dc92c08
Packager : Santa Claws <santa@christmasdotcom)
URL : http://sourceforge.net/projects/joe-editor/
Summary : An easy to use, modeless text editor.
As you can see I have signed this package with my own private GPG key.
How do I create a public GPG key to allow others to download and install my
Centos 5.5 packages please?
You already have a public GPG key, you just need to publish/advertise it.
Read the section of the GnuPG guide on exporting your public key, as
well as the advise on disseminating it. See
http://www.gnupg.org/documentation/guides.en.html
The more people you can get to sign your public key (building the web of
trust), the better. Read up on key-signing parties.
Tim
--
Tim Mooney Tim.Mooney@xxxxxxxx
Enterprise Computing & Infrastructure 701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxxxxx
http://lists.rpm.org/mailman/listinfo/rpm-list
