Feature #2106
closed
Sign RPM Packages with GPG Key
Description
It is best practice to sign the generated packages with a gpg key and provide the public key for users, that use your foreman repository: http://www.rpm.org/max-rpm/s1-rpm-pgp-signing-packages.html
Would be great if packages get signed in near future.
BR, Rene
Updated by Sam Kottler over 11 years ago
- Assignee set to Sam Kottler
- Target version set to 1.1
This will be done for 1.1 final.
Updated by Ohad Levy over 11 years ago
- Project changed from Foreman to Packaging
- Category deleted (
Packaging) - Target version deleted (
1.1)
Updated by Dominic Cleal almost 11 years ago
- Status changed from New to Assigned
- Assignee changed from Sam Kottler to Dominic Cleal
- Target version set to 1.2.0
Updated by Sam Kottler almost 11 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Applied in changeset commit:"700122c429c5d399f676b6ffdc3414ba694ea2e1".
Updated by Dominic Cleal almost 11 years ago
Just a small status update for anybody coming across this:
From Foreman 1.2, all release packages will be signed - this includes RCs and final releases, plus all dependencies. Nightly packages won't be signed.
The installer's been fixed via #2629 to enable gpgcheck on the repos it sets up, and foreman-release is updated in the stable branches for releases to enable GPG checking and distribute the signature.
Updated by