rpms signed - why not?

Amedeo Salvati amedeo at oscert.net
Mon Jan 13 19:10:23 UTC 2014


I was setting up our Spacewalk repo for oVirt for auto-provisioning of 
engine and node based on the CentOS distro, but I was surprised that you 
can't sign your rpms with a GPG key; gluster rpms, instead, are signed with 
key ID 89ccae8b, available on their site.

Why don't you sign your rpms?

e.g.:
$ wget http://resources.ovirt.org/releases/3.3.2/rpm/EL/6/noarch/ovirt-engine-3.3.2-1.el6.noarch.rpm
$ rpm -K -v ovirt-engine-3.3.2-1.el6.noarch.rpm
ovirt-engine-3.3.2-1.el6.noarch.rpm:
     Digest SHA1 header: OK (f8cf0a7592ae3d8d298813cf61ec8b4e2ad6b6f6)
     MD5 digest: OK (bc4b66e0791b3ef5dd8e9b49828ad7d8)

instead gluster rpms:
$ wget http://download.gluster.org/pub/gluster/glusterfs/LATEST/EPEL.repo/epel-6/x86_64/glusterfs-3.4.2-1.el6.x86_64.rpm
$ rpm -K -v glusterfs-3.4.2-1.el6.x86_64.rpm
glusterfs-3.4.2-1.el6.x86_64.rpm:
     Header V4 RSA/SHA1 Signature, key ID 89ccae8b: NOKEY
     Header SHA1 digest: OK (e71040f320da087e6e9012102e0e59f134259d2a)
     V4 RSA/SHA1 Signature, key ID 89ccae8b: NOKEY
     MD5 digest: OK (01e72fe3ed97ba849327cafe43ca5d45)

best regards
a

-- 
Amedeo Salvati
RHC{DS,E,VA} - LPIC-3 - UCP - NCLA 11
email: amedeo at oscert.net
email: amedeo at linux.com
http://plugcomputing.it/redhatcert.php
http://plugcomputing.it/lpicert.php
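
An added example, not part of the original message: a shell function that classifies `rpm -K -v` output such as the two samples quoted above, so a mirrored repo can be screened for packages that carry digests but no signature. The function name, the verdict strings and the third sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify `rpm -K -v` output read from stdin.
# Function name and verdict strings are illustrative, not part of rpm.
classify_rpm_check() {
    awk '
        # A signature line looks like: "... Signature, key ID 89ccae8b: NOKEY"
        /Signature, key ID [0-9A-Fa-f]+: / {
            sigs++
            if ($NF == "NOKEY")   nokey++
            else if ($NF != "OK") bad++          # e.g. BAD
        }
        END {
            if (sigs == 0)      print "unsigned"       # digests only
            else if (bad > 0)   print "bad-signature"
            else if (nokey > 0) print "signed-nokey"   # signed, key not imported
            else                print "signed-ok"
        }'
}

# Output quoted in the message for the oVirt package (digest lines only).
OVIRT_OUT='ovirt-engine-3.3.2-1.el6.noarch.rpm:
     Digest SHA1 header: OK (f8cf0a7592ae3d8d298813cf61ec8b4e2ad6b6f6)
     MD5 digest: OK (bc4b66e0791b3ef5dd8e9b49828ad7d8)'

# Output quoted in the message for the gluster package.
GLUSTER_OUT='glusterfs-3.4.2-1.el6.x86_64.rpm:
     Header V4 RSA/SHA1 Signature, key ID 89ccae8b: NOKEY
     Header SHA1 digest: OK (e71040f320da087e6e9012102e0e59f134259d2a)
     V4 RSA/SHA1 Signature, key ID 89ccae8b: NOKEY
     MD5 digest: OK (01e72fe3ed97ba849327cafe43ca5d45)'

# Constructed sample: what a signed package looks like once its key is imported.
IMPORTED_OUT='example-1.0-1.el6.noarch.rpm:
     Header V4 RSA/SHA1 Signature, key ID 89ccae8b: OK
     Header SHA1 digest: OK (0000000000000000000000000000000000000000)
     V4 RSA/SHA1 Signature, key ID 89ccae8b: OK
     MD5 digest: OK (00000000000000000000000000000000)'

# Helper: feed a captured output string to the classifier.
verdict() { printf '%s\n' "$1" | classify_rpm_check; }

echo "ovirt-engine: $(verdict "$OVIRT_OUT")"
echo "glusterfs:    $(verdict "$GLUSTER_OUT")"
echo "constructed:  $(verdict "$IMPORTED_OUT")"
```

On a real host, pipe `rpm -K -v <file>` into `classify_rpm_check`. An `unsigned` verdict means the digests only show the file is internally consistent, not who built it.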



