RPM Signatures for the internal GNOME repository

Contact Information

Owner: GNOME Sysadmin Team

Contact: #sysadmin

Persons: AndreaVeri

Purpose: Install, sign and maintain signed RPM packages for the GNOME internal repository

Puppet modules: packages, rpm_signer

Description

The GNOME Infrastructure hosts an internal Yum repository where customized RPMs are fetched. The repository supports GPG verification of each of the packages hosted.

Action

Installing a new package:

ssh puppetmaster01-back
sudo rpm-signer -c /srv/rpm-signer.config -i package-name.rpm

ssh range-back
sudo cobbler reposync

Listing package signatures:

Handy in case someone installed a RPM manually without signing it and the installation then fails on the target machine.

ssh puppetmaster01-back
rpm-signer -c /srv/rpm-signer.config -l | grep 'NOT SIGNED'

General information:

  1. Key ID for the signing key: D4D336D4

  2. Public key for the signing key

Sysadmin/SOP/RPMInternalSignatures (last edited 2019-05-18 14:55:41 by AndreaVeri)