Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
RPMSIGN(8)		    System Manager's Manual		    RPMSIGN(8)

NAME
       rpmsign - RPM Package Signing

SYNOPSIS
   SIGNING PACKAGES:
       rpm --addsign|--resign [rpmsign-options]	PACKAGE_FILE ...

       rpm --delsign PACKAGE_FILE ...

   rpmsign-options
       [--fskpath KEY] [--signfiles]

DESCRIPTION
       Both of the --addsign and --resign options generate and insert new sig-
       natures for each	package	PACKAGE_FILE  given,  replacing	 any  existing
       signatures.  There  are two options for historical reasons, there is no
       difference in behavior currently.

       rpm --delsign PACKAGE_FILE ...

       Delete all signatures from each package PACKAGE_FILE given.

   SIGN	OPTIONS
       --fskpath KEY
	      Used with	--signfiles, use file signing key Key.

       --signfiles
	      Sign package files. The macro %_binary_filedigest_algorithm must
	      be set to	a supported algorithm before building the package. The
	      supported	algorithms are SHA1, SHA256, SHA384, and SHA512, which
	      are represented as 2, 8, 9, and 10 respectively.	The file sign-
	      ing key (RSA private key)	must be	set before signing  the	 pack-
	      age,  it can be configured on the	command	line with --fskpath or
	      the macro	%_file_signing_key.

   USING GPG TO	SIGN PACKAGES
       In order	to sign	packages using GPG, rpm	must be	configured to run  GPG
       and  be	able to	find a key ring	with the appropriate keys. By default,
       rpm uses	the same conventions as	GPG to	find  key  rings,  namely  the
       $GNUPGHOME  environment	variable.   If	your key rings are not located
       where GPG expects them to be, you will  need  to	 configure  the	 macro
       %_gpg_path to be	the location of	the GPG	key rings to use.  If you want
       to be able to sign packages you create yourself,	you also need to  cre-
       ate  your own public and	secret key pair	(see the GPG manual). You will
       also need to configure the rpm macros

       %_gpg_name
	      The name of the "user" whose key you wish	to use	to  sign  your
	      packages.

       For  example,  to be able to use	GPG to sign packages as	the user "John
       Doe _jdoe@foo.com_" from	the key	rings located in  /etc/rpm/.gpg	 using
       the executable /usr/bin/gpg you would include

       %_gpg_path /etc/rpm/.gpg
       %_gpg_name John Doe <jdoe@foo.com>
       %__gpg /usr/bin/gpg

       in  a macro configuration file. Use /etc/rpm/macros for per-system con-
       figuration and ~/.rpmmacros for per-user	configuration. Typically  it's
       sufficient to set just %_gpg_name.

SEE ALSO
       popt(3),
       rpm(8),
       rpmdb(8),
       rpmkeys(8),
       rpm2cpio(8),
       rpmbuild(8),
       rpmspec(8),

       rpmsign	--help	-  as  rpm  supports  customizing the options via popt
       aliases it's impossible to guarantee that what's	described in the  man-
       ual matches what's available.

       http://www.rpm.org/ <URL:http://www.rpm.org/>

AUTHORS
       Marc Ewing <marc@redhat.com>
       Jeff Johnson <jbj@redhat.com>
       Erik Troan <ewt@redhat.com>
       Panu Matilainen <pmatilai@redhat.com>
       Fionnuala Gunter	<fin@linux.vnet.ibm.com>

				 Red Hat, Inc			    RPMSIGN(8)

NAME | SYNOPSIS | DESCRIPTION | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=rpmsign&sektion=8&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help