GPG Sign RPMs

GPG key generation

A GPG key was generated with the following parameters:

gpg --full-generate-key

Please select what kind of key you want:
   (1) RSA and RSA (default)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Please specify how long the key should be valid.
         0 = key does not expire
Key is valid for? (0) 0

Real name: RPM sign UMD/CMD
Email address: grid.admin@lip.pt
Comment: 
You selected this USER-ID:
    "RPM sign UMD/CMD <grid.admin@lip.pt>"
public and secret key created and signed.
pub   rsa4096 2022-02-21 [SC]
      FDA5272E8C8A03597BFA253511339AA2D60A5E99
uid                      RPM sign UMD/CMD <grid.admin@lip.pt>
sub   rsa4096 2022-02-21 [E]

The passphrase is in monica (under NCG site).

The public and private keys were exported:

gpg --export -a 'RPM sign UMD/CMD'  > RPM-GPG-KEY-umd-cmd
gpg --export-secret-key 'RPM sign UMD/CMD' > RPM-GPG-KEY-umd-cmd.key

Copy the keys to monica, and import them:

gpg --import RPM-GPG-KEY-umd-cmd
gpg --import --allow-secret-key-import RPM-GPG-KEY-umd-cmd.key

On the host that will sign the RPMs:

rpm --import RPM-GPG-KEY-umd-cmd

To list all GPG keys imported into the RPM database:

rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
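
Added example (not part of the original procedure): a check that the copied RPM-GPG-KEY-umd-cmd file holds exactly one key with the fingerprint shown above before it is imported, and which gpg-pubkey entry the listing command should then show. The function names are hypothetical and the sample listing is constructed; the subkey fields in it are placeholders.

```shell
#!/bin/sh
# Fingerprint printed by gpg when the key on this page was generated.
EXPECTED_FPR=FDA5272E8C8A03597BFA253511339AA2D60A5E99

# Constructed sample of `gpg --show-keys --with-colons RPM-GPG-KEY-umd-cmd`
# output (abbreviated; the subkey ID and fingerprint are placeholder zeros).
SAMPLE_LISTING='pub:-:4096:1:11339AA2D60A5E99:1645401600:::-:::scESC:
fpr:::::::::FDA5272E8C8A03597BFA253511339AA2D60A5E99:
uid:-::::1645401600::::RPM sign UMD/CMD <grid.admin@lip.pt>:
sub:-:4096:1:0000000000000000:1645401600::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Read a colon listing on stdin and print the primary key fingerprint:
# the first "fpr" record after the "pub" record (field 10).
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# rpm stores an imported key as gpg-pubkey-<version>-<release>, where
# <version> is the last 8 hex digits of the key ID in lowercase.
rpm_pubkey_version() {
    printf '%s' "$1" | tail -c 8 | tr 'A-F' 'a-f'
}

# Succeed only if the listing holds exactly one primary key and its
# fingerprint equals EXPECTED_FPR. A file carrying an extra key is rejected,
# because "rpm --import" would trust every key in the file.
check_key_listing() {
    listing=$1
    n=$(printf '%s\n' "$listing" | awk -F: '$1 == "pub" { n++ } END { print n + 0 }')
    [ "$n" -eq 1 ] || { echo "expected 1 primary key, found $n" >&2; return 1; }
    got=$(printf '%s\n' "$listing" | primary_fpr)
    [ "$got" = "$EXPECTED_FPR" ] || { echo "fingerprint mismatch: $got" >&2; return 1; }
}

if check_key_listing "$SAMPLE_LISTING"; then
    echo "fingerprint OK; after rpm --import expect gpg-pubkey-$(rpm_pubkey_version "$EXPECTED_FPR")-<release>"
fi
```

On a real host, pass "$(gpg --show-keys --with-colons RPM-GPG-KEY-umd-cmd)" to check_key_listing in place of the sample.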