RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1564079 - [RFE]: Add details of RPM package signing in RPM Packaging Guide
Summary: [RFE]: Add details of RPM package signing in RPM Packaging Guide
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: doc-Packagers_Guide
Version: 7.7-Alt
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Adam Kvitek
QA Contact: ecs-bugs
Petr Kovar
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-05 10:03 UTC by Melanie Corr
Modified: 2019-03-06 01:18 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-07-19 16:05:13 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Melanie Corr 2018-04-05 10:03:07 UTC 
Document URL: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/rpm_packaging_guide/

Section Number and Name: RPM Packaging Guide

Describe the issue: This guide is missing info on how to sign a package

Suggestions for improvement: Include info on how to sign the package, how to sign it with a GPG key and how to make a GPG copy in ASC format 

Additional information: The RPM packaging guide is fantastic. I have used it step by step with success. The Satellite docs team have a BZ [1] that has a use case which requires the creation of an RPM, signing of that RPM, and uploading to Satellite as custom content. The Satellite part of this is documented, as is the creation of the RPM, however the signing of the RPM seems to be the responsibility of the package creator, so that would probably best fit in the RPM packaging guide. 

Any queries, let me know.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1363863
Comment 3 Miroslav Suchý 2018-04-25 11:11:59 UTC 
This is described in 
  https://access.redhat.com/blogs/766093/posts/1976693
and in older:
  http://ftp.rpm.org/max-rpm/s1-rpm-pgp-signing-packages.html
  (RH is the copyright holder of this documentation, so you can copy it).

It is definitely better to first build a package and only the sign it with --addsign.
Comment 6 Adam Kvitek 2018-05-30 10:10:13 UTC 
New chapter submitted in a pull request: https://github.com/redhat-developer/rpm-packaging-guide/pull/40/files
Comment 7 Adam Kvitek 2018-07-19 16:14:00 UTC 
New chapter published on customer portal: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/rpm_packaging_guide/#Signing-Packages
Note You need to log in before you can comment on or make changes to this bug.