https://gist.github.com/fernandoaleman/1376720

 How to sign your custom RPM package with GPG key

This is the file rpm-digital-signature.sh

#rpm-digital-signature.sh

# How to sign your custom RPM package with GPG key

# Step: 1
# Generate gpg key pair (public key and private key)
#
# You will be prompted with a series of questions about encryption.
# Simply select the default values presented. You will also be asked
# to create a Real Name, Email Address and Comment (comment optional).
#
# If you get the following response:
# -----------------------------------------------------------------------
# We need to generate a lot of random bytes. It is a good idea to perform
# some other action (type on the keyboard, move the mouse, utilize the
# disks) during the prime generation; this gives the random number
# generator a better chance to gain enough entropy.
# -----------------------------------------------------------------------
# Open up a separate terminal, ssh into your server and run this command:
# ls -R /

gpg --gen-key

# Step: 2
# Verify your gpg keys were created

gpg --list-keys

# Step: 3
# Export your public key from your key ring to a text file.
#
# You will use the information for Real Name and Email you used to
# create your key. I used Fernando Aleman and faleman@email.com

gpg --export -a 'Fernando Aleman' > RPM-GPG-KEY-faleman

# Step: 4
# Import your public key to your RPM DB
#
# If you plan to share your custom built RPM packages with others, make sure
# to have your public key file available online so others can verify RPMs

sudo rpm --import RPM-GPG-KEY-faleman

# Step: 5
# Verify the list of gpg public keys in RPM DB

rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

# Step: 6
# Configure your ~/.rpmmacros file
#
# You can use the following command to edit if you are on the server:
# vi ~/.rpmmacros
#
# %_signature => This will always be gpg
# %_gpg_path  => Enter full path to .gnupg in your home directory
# %_gpg_name  => Use the Real Name you used to create your key
# %_gpgbin    => run `which gpg` (without ` marks) to get full path
#
# The four lines below are the contents of ~/.rpmmacros, not shell commands:

%_signature gpg
%_gpg_path /root/.gnupg
%_gpg_name Fernando Aleman
%_gpgbin /usr/bin/gpg

# Step: 7
# Sign your custom RPM package
#
# You can sign each RPM file individually:

rpm --addsign git-1.7.7.3-1.el6.x86_64.rpm

# Or you can `cd` into your RPMS folder and sign them all:

rpm --addsign *.rpm

# Step: 8
# Check the signature to make sure it was signed
#
# Watch for 'gpg OK' as in this example:
# git-1.7.7.3-1.el6.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK

rpm --checksig git-1.7.7.3-1.el6.x86_64.rpm

# Tip!
# Sign package during build
#
# To sign a package while it's being built, simply add '--sign'

rpmbuild -ba --sign git.spec
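
Step 8 says to watch for 'gpg OK'. The following added example (not part of the original gist) shows why the word `gpg` matters: an unsigned package also ends in `OK`, so a release gate has to look at which checks were listed. The function names and sample lines are constructed for illustration, and the `digests signatures OK` wording for newer rpm releases is an assumption.

```bash
#!/usr/bin/env bash
# Added example: classify `rpm --checksig` output so an unsigned package,
# which still ends in "OK", is not mistaken for a signed one.

# Print signed | unsigned | failed for one line of checksig output.
classify_checksig() {
    # Drop the "<file>: " prefix; the rest lists the checks and the verdict.
    local result="${1#*: }"
    case " $result " in
        *"NOT OK"*)                 echo failed ;;   # bad digest/signature or missing key
        *" gpg "*OK*|*" pgp "*OK*)  echo signed ;;   # older rpm, format shown on this page
        *" signatures "*OK*)        echo signed ;;   # assumed wording of recent rpm releases
        *OK*)                       echo unsigned ;; # digests only: nothing was signed
        *)                          echo failed ;;   # unrecognised output: fail closed
    esac
}

# Read checksig output on stdin, report every line that is not a verified
# signature, and return 1 if any was found.
gate_checksig() {
    local line verdict bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_checksig "$line")
        if [ "$verdict" != signed ]; then
            printf '%s: %s\n' "$verdict" "$line"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample output (not captured from a real system).
SAMPLE_OUTPUT='git-1.7.7.3-1.el6.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
unsigned-1.0-1.el6.x86_64.rpm: sha1 md5 OK
otherkey-1.0-1.el6.x86_64.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)'

if printf '%s\n' "$SAMPLE_OUTPUT" | gate_checksig; then
    echo "all packages carry a verified signature"
else
    echo "refusing to publish: unsigned or unverifiable packages listed above"
fi
```

In practice, pipe the real command in: `rpm --checksig *.rpm | gate_checksig`. A `signed` verdict means the signature verified against some key imported into the RPM DB (step 4), not necessarily the key generated in step 1.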