RPM signing with certificate

Mark Hatle mark.hatle at windriver.com
Tue Aug 25 06:06:40 PDT 2015


On 8/25/15 1:04 AM, Divya Vyas wrote:
> Hi,
> 
> I am able to sign the RPM with gpg keys, and smart verifies it and gives an
> error if the public key is not available.
> 
> Now I am looking at rpm signing with self-signed certificates/CA certificates
> and having smart verify that. Which technique should I use to create the
> signature? Most of the results I am getting about creating signatures are for
> openssl. Is it possible to create a certificate from gpg keys? How will smart
> check the certificate location?

Smart simply calls into gpg (smart/channels/rpm_md.py):

    status, output = commands.getstatusoutput(
        "gpg --batch --no-secmem-warning --status-fd 1 --verify "
        "%s %s" % (gpgitem.getTargetPath(), item.getTargetPath()))

So as long as that command reports a success you are free to use any mechanism
you choose to sign and verify the item.  (If you look at the code you can see
how it processes the status and output to determine if the verification was
correct or not.)

--Mark

> Thanks,
> 
> 
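
Added example, not part of the original message and not Smart's own code: a sketch of how gpg's --status-fd output can be interpreted when deciding whether a detached signature verified. The function names, the fingerprint-pinning option and the sample status lines are constructed for illustration; the status keywords are those of GnuPG's machine-readable status interface.

```python
import subprocess

# Status keywords that mean the signature must not be accepted.
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

def gpg_verify_argv(sig_path, data_path):
    # Same options as the command quoted above, passed as an argument list so
    # file names are never interpreted by a shell; "--" ends option parsing.
    return ["gpg", "--batch", "--no-secmem-warning", "--status-fd", "1",
            "--verify", "--", sig_path, data_path]

def evaluate_status(output, trusted_fprs=None):
    """Return (ok, reason) for the text gpg wrote to the status fd."""
    valid_fprs = set()
    for line in output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # human-readable text is not part of the verdict
        fields = line.split()[1:]
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in FAILURES:
            return False, keyword
        if keyword == "VALIDSIG" and args:
            valid_fprs.add(args[0])        # fingerprint of the signing key
            if len(args) >= 10:
                valid_fprs.add(args[9])    # primary key fingerprint
    if not valid_fprs:
        return False, "no VALIDSIG"
    if trusted_fprs is not None and not (valid_fprs & set(trusted_fprs)):
        return False, "untrusted key"
    return True, "VALIDSIG"

def verify(sig_path, data_path, trusted_fprs=None):
    # Requires gpg on PATH; both the exit status and the status lines must agree.
    proc = subprocess.run(gpg_verify_argv(sig_path, data_path),
                          capture_output=True, text=True)
    ok, reason = evaluate_status(proc.stdout, trusted_fprs)
    return (ok and proc.returncode == 0), reason

# Constructed sample status output (placeholder key ids and fingerprint).
FPR = "A" * 40
GOOD = ("gpg: human-readable line\n"
        "[GNUPG:] GOODSIG 1111111111111111 Constructed Signer\n"
        "[GNUPG:] VALIDSIG " + FPR + " 2015-08-25 1440500000 0 4 0 1 8 00 " + FPR + "\n")
NOKEY = ("[GNUPG:] ERRSIG 2222222222222222 1 8 00 1440500000 9\n"
         "[GNUPG:] NO_PUBKEY 2222222222222222\n")
BAD = "[GNUPG:] BADSIG 1111111111111111 Constructed Signer\n"
```

Passing trusted_fprs restricts acceptance to specific signing keys rather than any key present in the keyring.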