本文介绍如何使用GnuPG生成RPM-GPG-KEY用于软件包签名,并详细说明了设置过程及如何验证签名的有效性。此外还介绍了如何在YUM源配置文件中指定GPG Key进行自动验证。
生成 RPM-GPG-KEY-test
# gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: test <http://ci.com>
Invalid character in name
Real name: test
Email address: <hesk@test.com>
Comment:
You selected this USER-ID:
"test <hesk@test.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
"test"
# gpg --list-keys
# gpg --export -a "test" > RPM-GPG-KEY-test
# rpm --import RPM-GPG-KEY-test
# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
# rpm --addsign /test-2.2-00.i386.rpm
# rpm --checksig /test-2.2-00.i386.rpm
验证RPM-GPG-KEY-test
# vi /root/.rpmmacros
%_signature gpg
%_gpg_path /root/.gnupg
%_gpg_name test
#rpmbuild -ba --sign test-2.2.spec
打包使用RPM-GPG-KEY-test
yum安装使用 RPM-GPG-KEY-test
# vi /etc/yum.repos.d/test.repo
[c5-media]
name=CentOS-$releasever - Media
#baseurl=ftp://test:test@172.25.165.2/dvdrom
baseurl=file:///cd1
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-test
# gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: test <http://ci.com>
Invalid character in name
Real name: test
Email address: <hesk@test.com>
Comment:
You selected this USER-ID:
"test <hesk@test.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
"test"
# gpg --list-keys
# gpg --export -a "test" > RPM-GPG-KEY-test
# rpm --import RPM-GPG-KEY-test
# rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
# rpm --addsign /test-2.2-00.i386.rpm
# rpm --checksig /test-2.2-00.i386.rpm
验证RPM-GPG-KEY-test
# vi /root/.rpmmacros
%_signature gpg
%_gpg_path /root/.gnupg
%_gpg_name test
#rpmbuild -ba --sign test-2.2.spec
打包使用RPM-GPG-KEY-test
yum安装使用 RPM-GPG-KEY-test
# vi /etc/yum.repos.d/test.repo
[c5-media]
name=CentOS-$releasever - Media
#baseurl=ftp://test:test@172.25.165.2/dvdrom
baseurl=file:///cd1
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-test
扫一扫
1022
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
