rpms signed - why not?
Amedeo Salvati
amedeo at oscert.net
Mon Jan 13 19:10:23 UTC 2014
I was setting up our spacewalk repo for ovirt due to auto provisioning
engine and node based on centos distro, but I was surprised that you
can't sign with gpg key your rpms, instead gluster rpms is signed with
key id 89ccae8b available on her site
Why you don't sign your rpms?
e.g:
$ wget
http://resources.ovirt.org/releases/3.3.2/rpm/EL/6/noarch/ovirt-engine-3.3.2-1.el6.noarch.rpm
$ rpm -K -v ovirt-engine-3.3.2-1.el6.noarch.rpm
ovirt-engine-3.3.2-1.el6.noarch.rpm:
Digest SHA1 header: OK (f8cf0a7592ae3d8d298813cf61ec8b4e2ad6b6f6)
MD5 digest: OK (bc4b66e0791b3ef5dd8e9b49828ad7d8)
instead gluster rpms:
$ wget
http://download.gluster.org/pub/gluster/glusterfs/LATEST/EPEL.repo/epel-6/x86_64/glusterfs-3.4.2-1.el6.x86_64.rpm
$ rpm -K -v glusterfs-3.4.2-1.el6.x86_64.rpm
glusterfs-3.4.2-1.el6.x86_64.rpm:
Header V4 RSA/SHA1 Signature, key ID 89ccae8b: NOKEY
Header SHA1 digest: OK (e71040f320da087e6e9012102e0e59f134259d2a)
V4 RSA/SHA1 Signature, key ID 89ccae8b: NOKEY
MD5 digest: OK (01e72fe3ed97ba849327cafe43ca5d45)
best regards
a
--
Amedeo Salvati
RHC{DS,E,VA} - LPIC-3 - UCP - NCLA 11
email: amedeo at oscert.net
email: amedeo at linux.com
http://plugcomputing.it/redhatcert.php
http://plugcomputing.it/lpicert.php
More information about the Arch
mailing list