Project

General

Profile

Feature #2106

Sign RPM Packages with GPG Key

Added by Rene Zbinden over 6 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

It is best practice to sign the generated packages with a gpg key and provide the public key for users, that use your foreman repository: http://www.rpm.org/max-rpm/s1-rpm-pgp-signing-packages.html

Would be great if packages get signed in near future.

BR, Rene


Related issues

Related to Installer - Bug #2629: Enable gpgcheck on yum reposClosed2013-06-07

Associated revisions

Revision 3afbd145 (diff)
Added by Dominic Cleal about 6 years ago

fixes #2106, #2123, #2561 - sign RPMs, rename -ec2 to -compute, fix foreman.repo URLs

Revision 700122c4
Added by Sam Kottler about 6 years ago

Merge remote-tracking branch 'domcleal/rpms' into develop

  • domcleal/rpms:
    fixes #2555, #2560 - add foreman-release and MySQL gems to comps
    fixes #2106, #2123, #2561 - sign RPMs, rename -ec2 to -compute, fix foreman.repo URLs
    fixes #2573 - refresh Fedora 18 comps, don't force SCL

Revision c168e966 (diff)
Added by Dominic Cleal about 6 years ago

fixes #2106, #2123, #2561 - sign RPMs, rename -ec2 to -compute, fix foreman.repo URLs
(cherry picked from commit 3afbd14599a8f0cc2178df638f4570b68ad441ed)

Conflicts:
extras/packaging/rpm/sources/foreman.repo
foreman.spec

History

#1 Updated by Sam Kottler over 6 years ago

  • Assignee set to Sam Kottler
  • Target version set to 1.1

This will be done for 1.1 final.

#2 Updated by Ohad Levy over 6 years ago

  • Project changed from Foreman to Packaging
  • Category deleted (Packaging)
  • Target version deleted (1.1)

#3 Updated by Dominic Cleal about 6 years ago

  • Status changed from New to Assigned
  • Assignee changed from Sam Kottler to Dominic Cleal
  • Target version set to 1.2.0

#4 Updated by Sam Kottler about 6 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Applied in changeset commit:"700122c429c5d399f676b6ffdc3414ba694ea2e1".

#5 Updated by Dominic Cleal about 6 years ago

Just a small status update for anybody coming across this:

From Foreman 1.2, all release packages will be signed - this includes RCs and final releases, plus all dependencies. Nightly packages won't be signed.

The installer's been fixed via #2629 to enable gpgcheck on the repos it sets up, and foreman-release is updated in the stable branches for releases to enable GPG checking and distribute the signature.

#6 Updated by Greg Sutcliffe about 1 year ago

  • Target version deleted (1.2.0)

Also available in: Atom PDF