Hide Forgot
Document URL: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/rpm_packaging_guide/ Section Number and Name: RPM Packaging Guide Describe the issue: This guide is missing info on how to sign a package Suggestions for improvement: Include info on how to sign the package, how to sign it with a GPG key and how to make a GPG copy in ASC format Additional information: The RPM packaging guide is fantastic. I have used it step by step with success. The Satellite docs team have a BZ [1] that has a use case which requires the creation of an RPM, signing of that RPM, and uploading to Satellite as custom content. The Satellite part of this is documented, as is the creation of the RPM, however the signing of the RPM seems to be the responsibility of the package creator, so that would probably best fit in the RPM packaging guide. Any queries, let me know. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1363863
This is described in https://access.redhat.com/blogs/766093/posts/1976693 and in older: http://ftp.rpm.org/max-rpm/s1-rpm-pgp-signing-packages.html (RH is the copyright holder of this documentation, so you can copy it). It is definitely better to first build a package and only the sign it with --addsign.
New chapter submitted in a pull request: https://github.com/redhat-developer/rpm-packaging-guide/pull/40/files
New chapter published on customer portal: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/rpm_packaging_guide/#Signing-Packages