Sign packages #42
Labels
No labels
bug
documentation
duplicate
enhancement
help wanted
invalid
maintenance
obsolete
question
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
yestax/setup#42
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Use a gpg key to sign package apt/rpm
For RPM, dnf flags an error with default install procedure if packages are not signed.
Sign or document how to bypass (/etc/yum.repos.d/rpm.repo) gpgcheck
apt doesn't trusts individual packages but checks repository metadata (Handled by getting the repo key see wiki)
rpm trusts per-package signatures so the user need to import the key inside the rpm database.
needs to import a key before installing package
rpm --import <key_file>
#109 build-package now able to sign packages
the import should be done by the modification in the repo file (see wiki)