Tuesday, 30 October 2012

RPM Signing and Repo Creation lab

Purpose

The purpose of this lab is to learn the steps to sign RPM packages and create an RPM package repository for use with yum.

Signing RPM packages

First I created my own GPG key with the following command and filled in the required information.

gpg --gen-key

At the end, the script required 284 more bytes to generate the key, so I typed some random words to complete it.

After that, I edited the ~/.rpmmacros file to add the email address associated with my GPG key in the %_gpg_name macro.

I added this line at the bottom of the ~/.rpmmacros file.

%_gpg_name "myemailaddresshere"

With that done, I proceeded to sign packages. First I installed the rpm-sign package.

yum install rpm-sign

Then I signed the package with this command.

rpm --addsign which-2.20-1.fc17.x86_64.rpm

After I entered the passphrase, the signing process completed successfully. The next step was to create my own yum repo.

Creating the Repository

Move the signed RPM to the repo directory and create the repo.

createrepo .

Besides the RPM package, the directory then contained a repodata folder created by the command, which is what yum uses to treat the directory as a repo.

The last part was to create a new repository file in /etc/yum.repos.d. I copied the existing Fedora repo file and made the following edits.

[wendy]
name=wendy
baseurl=file:///home/wendy/repo
enabled=1
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/wendy-gpg-key-rpm

The /etc/pki/rpm-gpg/wendy-gpg-key-rpm file was made by exporting my public key to /home/wendy/repo with the following command.

gpg --export --armour "myemailaddress" > wendy-gpg-key-rpm

(* Do this with a regular user account.)
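The gpgcheck=1 and gpgkey= lines are what make yum verify the signature added earlier. The script below is an added example, not part of the original lab: it audits a .repo file and reports every enabled repo that does not enforce signatures. The function names and the [scratch] repo are hypothetical, and a repo that leaves gpgcheck unset is reported because it then depends on the [main] setting in yum.conf.

```shell
#!/bin/sh
# audit_repo_file FILE: print "<repo id>: <problem>" for every enabled repo that
# does not enforce package signatures; return 1 if anything was reported.
audit_repo_file() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function report(msg) { print sec ": " msg; bad = 1 }
    function check() {
        if (sec == "" || enabled == "0") return   # no repo yet, or repo disabled
        if (gpgcheck != "1") report("gpgcheck is not set to 1")
        if (gpgkey == "") report("no gpgkey configured")
    }
    /^[ \t]*[#;]/ { next }                  # skip comment lines
    /^[ \t]*\[/ {                           # new [repo id]: finish the previous one
        check()
        sec = trim($0); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
        gpgcheck = ""; gpgkey = ""; enabled = "1"
        next
    }
    index($0, "=") > 0 {                    # key=value; keys compared in lower case
        key = tolower(trim(substr($0, 1, index($0, "=") - 1)))
        val = trim(substr($0, index($0, "=") + 1))
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey") gpgkey = val
        if (key == "enabled") enabled = val
    }
    END { check(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the [wendy] stanza from this post plus a hypothetical unsigned repo.
write_sample() {
    cat > "$1" <<'EOF'
[wendy]
name=wendy
baseurl=file:///home/wendy/repo
enabled=1
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/wendy-gpg-key-rpm
[scratch]
baseurl=file:///home/wendy/scratch
gpgcheck=0
EOF
}

sample=$(mktemp); write_sample "$sample"
audit_repo_file "$sample" || echo "repos without signature enforcement found"
rm -f "$sample"
```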

Finally I tested the install with yum.

It worked! YUM was trying to install the package from my own repository ("wendy").

Repodata directory:


