|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.TH "RPMSIGN" "8" "Red Hat, Inc"
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.SH NAME
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
rpmsign \- RPM Package Signing
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.SH SYNOPSIS
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.SS "SIGNING PACKAGES:"
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.PP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBrpm\fR \fB--addsign|--resign\fR [\fBrpmsign-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.SS "rpmsign-options"
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.PP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
[\fb--fskpath \fIKEY\fb\fR] [\fB--signfiles\fR]
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.SH DESCRIPTION
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.PP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
Both of the \fB--addsign\fR and \fB--resign\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
options generate and insert new signatures for each package
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fIPACKAGE_FILE\fR given, replacing any
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
existing signatures. There are two options for historical reasons,
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
there is no difference in behavior currently.
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
Florian Festi |
3efc6e |
To create a signature rpm needs to verify the package's checksum. As a result
|
|
Florian Festi |
3efc6e |
packages with a MD5/SHA1 checksums cannot be signed in FIPS mode.
|
|
Florian Festi |
3efc6e |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.PP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
Delete all signatures from each package \fIPACKAGE_FILE\fR given.
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.SS "SIGN OPTIONS"
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.PP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.TP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fB--fskpath \fIKEY\fB\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
Used with \fB--signfiles\fR, use file signing key \fIKey\fR.
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.TP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fB--signfiles\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
Sign package files. The macro \fB%_binary_filedigest_algorithm\fR must
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
be set to a supported algorithm before building the package. The
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
supported algorithms are SHA1, SHA256, SHA384, and SHA512, which are
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
represented as 2, 8, 9, and 10 respectively. The file signing key (RSA
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
private key) must be set before signing the package, it can be configured on the command line with \fB--fskpath\fR or the macro %_file_signing_key.
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.SS "USING GPG TO SIGN PACKAGES"
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.PP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
In order to sign packages using GPG, \fBrpm\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
must be configured to run GPG and be able to find a key
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
ring with the appropriate keys. By default,
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBrpm\fR uses the same conventions as GPG
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
to find key rings, namely the \fB$GNUPGHOME\fR environment
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
variable. If your key rings are not located where GPG expects
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
them to be, you will need to configure the macro
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fB%_gpg_path\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
to be the location of the GPG key rings to use.
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
If you want to be able to sign packages you create yourself, you
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
also need to create your own public and secret key pair (see the
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
GPG manual). You will also need to configure the \fBrpm\fR macros
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.TP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fB%_gpg_name\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
The name of the "user" whose key you wish to use to sign your packages.
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.PP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
For example, to be able to use GPG to sign packages as the user
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fI"John Doe <jdoe@foo.com>"\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
from the key rings located in \fI/etc/rpm/.gpg\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
using the executable \fI/usr/bin/gpg\fR you would include
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.PP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.nf
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
%_gpg_path /etc/rpm/.gpg
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
%_gpg_name John Doe <jdoe@foo.com>
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
%__gpg /usr/bin/gpg
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.fi
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.PP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
in a macro configuration file. Use \fI/etc/rpm/macros\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
for per-system configuration and \fI~/.rpmmacros\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
for per-user configuration. Typically it's sufficient to set just %_gpg_name.
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.PP
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.SH "SEE ALSO"
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.nf
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBpopt\fR(3),
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBrpm\fR(8),
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBrpmdb\fR(8),
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBrpmkeys\fR(8),
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBrpm2cpio\fR(8),
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBrpmbuild\fR(8),
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBrpmspec\fR(8),
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.fi
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBrpmsign --help\fR - as rpm supports customizing the options via popt aliases
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
it's impossible to guarantee that what's described in the manual matches
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
what's available.
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fBhttp://www.rpm.org/ <URL:http://www.rpm.org/>
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
\fR
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.SH "AUTHORS"
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.nf
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
Marc Ewing <marc@redhat.com>
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
Jeff Johnson <jbj@redhat.com>
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
Erik Troan <ewt@redhat.com>
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
Panu Matilainen <pmatilai@redhat.com>
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
Fionnuala Gunter <fin@linux.vnet.ibm.com>
|
|
![](https://seccdn.libravatar.org/avatar/7eafec293cdc84ccc79910e3192915e78e6e34e812c9116c61cc64bf13dc271a?s=16&d=retro) |
2ff057 |
.fi
|