Signing+RPM+Packages

=Signing an RPM Package=

After you have created a key using GPG you can then use your GPG Key to sign your packages to prove their authenticity.

1. Ensure the following file exists: ~/.rpmmacros 2. Edit the .rpmmacros file and add the following lines: code %_signature gpg %_gpg_name code 3. Export the gpg key used in step 2 to a file: gpg --export -a '////' > //// ex: gpg --export -a 'Jason Marciniak' > RPM-GPG-KEY-Jason

4. Select a package you wish to sign (This example will use the following package: **hello-2.7-1%.i686.rpm**)

5. Sign the package: rpm --addsign ex: rpm --addsign **hello-2.7-1%.i686.rpm**