From the course: Building, Maintaining, and Distributing RPM Packages


Signing and verification

- [Instructor] Once packages are built and ready to be distributed, we should spend a little time to help our users verify that the packages they downloaded are in fact what we intended for them to download. One aspect of this is to sign the package cryptographically, associating a key that represents us or our organization with the package file. To sign a package, we'll need a key-pair, so let's create one. You may also have an existing key that you want to use, but I don't, so we'll make a brand new one. To do that, I'll run gpg dash dash full-generate-key. And I'll choose to create a key only for signing, not for encryption, so I'll choose option four here. We'll accept defaults and make the key last forever to keep things simple here. But be sure to generate your key according to policies you may be subject to. Now we've generated a key-pair and we need to tell the rpm software how to use it. To do that, we'll need…
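The key generation the instructor walks through interactively, as an added example that is not part of the course: a non-interactive shell version that makes the same choices (RSA, signing only, no expiry), then goes one step further than the transcript by wiring the key into rpm via the %_gpg_name macro and signing and checking a package. The user id, file paths and key size are assumptions; the package path is whatever you pass as the first argument.

```shell
#!/bin/sh
# Added example, not code from the course. Assumed values: the user id,
# the temporary GNUPGHOME, the key size and the path of the macro file.
set -eu

# Generate a key usable only for signing (option four in the interactive
# dialog) that never expires, as chosen in the transcript. Size and expiry
# should follow whatever policy you are subject to.
# $1 = user id, $2 = GNUPGHOME to use (keeps the example out of ~/.gnupg)
make_signing_key() {
    uid="$1"; home="$2"
    mkdir -p "$home"; chmod 700 "$home"
    GNUPGHOME="$home" gpg --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$uid" rsa3072 sign never
    # Print the 40-hex-digit fingerprint of the key just created.
    GNUPGHOME="$home" gpg --batch --with-colons --list-keys "$uid" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Tell rpm which key to sign with: rpm reads %_gpg_name from ~/.rpmmacros
# when you run rpm --addsign.  $1 = fingerprint, $2 = macro file to write
write_rpmmacros() {
    printf '%%_gpg_name %s\n' "$1" > "$2"
    cat "$2"
}

# Sign a package, then verify it the way a user would: export the public
# key, import it into rpm's keyring, and check the package signature.
# $1 = package path, $2 = user id, $3 = GNUPGHOME
sign_and_verify() {
    pkg="$1"; uid="$2"; home="$3"
    GNUPGHOME="$home" rpm --addsign "$pkg"
    GNUPGHOME="$home" gpg --batch --armor --export "$uid" > "$home/RPM-GPG-KEY"
    rpm --import "$home/RPM-GPG-KEY"     # normally needs root
    rpm -K "$pkg"                        # reports "... signatures OK"
}

if [ "${1:-}" ]; then
    uid="Example Packager <packager@example.com>"   # assumed identity
    home="${GNUPGHOME:-$HOME/.gnupg}"
    fpr=$(make_signing_key "$uid" "$home")
    write_rpmmacros "$fpr" "$HOME/.rpmmacros"
    sign_and_verify "$1" "$uid" "$home"
fi
```

Run as `sh sign.sh package.rpm`; a user who only has the public key repeats the `rpm --import` and `rpm -K` steps to confirm the package is the one you signed.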
