102 lines
3.1 KiB
Groff
102 lines
3.1 KiB
Groff
.TH "RPMSIGN" "8" "Red Hat, Inc"
|
|
.SH NAME
|
|
rpmsign \- RPM Package Signing
|
|
.SH SYNOPSIS
|
|
.SS "SIGNING PACKAGES:"
|
|
.PP
|
|
|
|
\fBrpm\fR \fB--addsign|--resign\fR [\fBrpmsign-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
|
|
|
\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
|
|
|
.SS "rpmsign-options"
|
|
.PP
|
|
[\fb--fskpath \fIKEY\fb\fR] [\fB--signfiles\fR]
|
|
|
|
.SH DESCRIPTION
|
|
.PP
|
|
Both of the \fB--addsign\fR and \fB--resign\fR
|
|
options generate and insert new signatures for each package
|
|
\fIPACKAGE_FILE\fR given, replacing any
|
|
existing signatures. There are two options for historical reasons,
|
|
there is no difference in behavior currently.
|
|
|
|
\fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
|
|
|
|
.PP
|
|
Delete all signatures from each package \fIPACKAGE_FILE\fR given.
|
|
|
|
.SS "SIGN OPTIONS"
|
|
.PP
|
|
.TP
|
|
\fB--fskpath \fIKEY\fB\fR
|
|
Used with \fB--signfiles\fR, use file signing key \fIKey\fR.
|
|
.TP
|
|
\fB--signfiles\fR
|
|
Sign package files. The macro \fB%_binary_filedigest_algorithm\fR must
|
|
be set to a supported algorithm before building the package. The
|
|
supported algorithms are SHA1, SHA256, SHA384, and SHA512, which are
|
|
represented as 2, 8, 9, and 10 respectively. The file signing key (RSA
|
|
private key) must be set before signing the package, it can be configured on the command line with \fB--fskpath\fR or the macro %_file_signing_key.
|
|
|
|
.SS "USING GPG TO SIGN PACKAGES"
|
|
.PP
|
|
In order to sign packages using GPG, \fBrpm\fR
|
|
must be configured to run GPG and be able to find a key
|
|
ring with the appropriate keys. By default,
|
|
\fBrpm\fR uses the same conventions as GPG
|
|
to find key rings, namely the \fB$GNUPGHOME\fR environment
|
|
variable. If your key rings are not located where GPG expects
|
|
them to be, you will need to configure the macro
|
|
\fB%_gpg_path\fR
|
|
to be the location of the GPG key rings to use.
|
|
If you want to be able to sign packages you create yourself, you
|
|
also need to create your own public and secret key pair (see the
|
|
GPG manual). You will also need to configure the \fBrpm\fR macros
|
|
.TP
|
|
\fB%_gpg_name\fR
|
|
The name of the "user" whose key you wish to use to sign your packages.
|
|
.PP
|
|
For example, to be able to use GPG to sign packages as the user
|
|
\fI"John Doe <jdoe@foo.com>"\fR
|
|
from the key rings located in \fI/etc/rpm/.gpg\fR
|
|
using the executable \fI/usr/bin/gpg\fR you would include
|
|
.PP
|
|
.nf
|
|
%_gpg_path /etc/rpm/.gpg
|
|
%_gpg_name John Doe <jdoe@foo.com>
|
|
%__gpg /usr/bin/gpg
|
|
.fi
|
|
.PP
|
|
in a macro configuration file. Use \fI/etc/rpm/macros\fR
|
|
for per-system configuration and \fI~/.rpmmacros\fR
|
|
for per-user configuration. Typically it's sufficient to set just %_gpg_name.
|
|
.PP
|
|
.SH "SEE ALSO"
|
|
.nf
|
|
\fBpopt\fR(3),
|
|
\fBrpm\fR(8),
|
|
\fBrpmdb\fR(8),
|
|
\fBrpmkeys\fR(8),
|
|
\fBrpm2cpio\fR(8),
|
|
\fBrpmbuild\fR(8),
|
|
\fBrpmspec\fR(8),
|
|
.fi
|
|
|
|
\fBrpmsign --help\fR - as rpm supports customizing the options via popt aliases
|
|
it's impossible to guarantee that what's described in the manual matches
|
|
what's available.
|
|
|
|
|
|
\fBhttp://www.rpm.org/ <URL:http://www.rpm.org/>
|
|
\fR
|
|
.SH "AUTHORS"
|
|
|
|
.nf
|
|
Marc Ewing <marc@redhat.com>
|
|
Jeff Johnson <jbj@redhat.com>
|
|
Erik Troan <ewt@redhat.com>
|
|
Panu Matilainen <pmatilai@redhat.com>
|
|
Fionnuala Gunter <fin@linux.vnet.ibm.com>
|
|
.fi
|