#3 GPG signed RPMs

closed
nobody
Enhancement (4)
5
2003-11-19
2003-09-06
Paul Gear
No

I'd like to submit a simple request: could the cpan2rpm
RPMs be GPG signed? Thanks, Paul

Discussion

  • Erick Calder
    Erick Calder
    2003-11-17

    • status: open --> closed
     
  • Erick Calder
    Erick Calder
    2003-11-17

    Logged In: YES
    user_id=575496

    Paul,

    that feature has been available since 2.015. see -sign-setup
    and --no-sign in the man page.

    - ekkis

     
  • Paul Gear
    Paul Gear
    2003-11-17

    Logged In: YES
    user_id=6200

    I'm talking about the cpan2rpm rpm itself. When i
    downloaded the package, it wasn't signed:

    rpm --checksig cpan2rpm-2.019-1.noarch.rpm
    cpan2rpm-2.019-1.noarch.rpm: md5 OK

    I've just checked 2.021 and it isn't signed either.

    Thanks,
    Paul

     
  • Paul Gear
    Paul Gear
    2003-11-17

    • status: closed --> open
     
  • Erick Calder
    Erick Calder
    2003-11-18

    Logged In: YES
    user_id=575496

    I think you need to have our public key in your keyring for
    those verifications to work. for me:

    # rpm --checksig cpan2rpm-2.021-1.noarch.rpm
    cpan2rpm-2.021-1.noarch.rpm: sha1 md5 OK

    I've added a link to our gpg public key on the home page at:

    http://perl.arix.com/cpan2rpm/

    let me know whether that fixes it for you.

     
  • Paul Gear
    Paul Gear
    2003-11-18

    Logged In: YES
    user_id=6200

    No, that is an unsigned RPM. A signed RPM looks like this:

    rpm --checksig perl-Net-Z3950-0.34-1.noarch.rpm
    perl-Net-Z3950-0.34-1.noarch.rpm: (sha1) dsa sha1 md5 gpg OK

    SHA1 and MD5 are only the basic checksums. GPG is the
    important one.

     
  • Erick Calder
    Erick Calder
    2003-11-19

    • status: open --> closed
     
  • Erick Calder
    Erick Calder
    2003-11-19

    Logged In: YES
    user_id=575496

    ok. thanks for the input. I've added a section to the home
    page (http://perl.arix.com/cpan2rpm/) on verifying our
    packages and an entry to the FAQ regarding this issue.

    I've also made a small patch to cpan2rpm which should be
    included in the upcoming 2.022 version.

    1,000 thx for the help.