Reference: https://gist.github.com/fernandoaleman/1376720
If the link above does not open, see https://www.cnblogs.com/LiuYanYGZ/p/9433756.html
How to build a signed custom RPM package

Procedure:

On the server that builds the RPM packages:

The packages are meant to be built by the rpmuser user, so all of the gpg steps can be run as rpmuser. I ran them as root, then copied /root/.gnupg/ to /home/rpmuser/.gnupg/ and ran chown -R rpmuser:rpmuser /home/rpmuser/.gnupg/

1) gpg --gen-key
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 2D50D623 marked as ultimately trusted
public and secret key created and signed.

2) gpg --list-keys
[root@localhost rpmbuild]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024R/2D50D623 2018-08-06
uid FeiTian (FeiTian Released) <[email protected]>
sub 1024R/FF885B48 2018-08-06

3) gpg --export -a 2D50D623 > RPM-GPG-KEY

4) Configure the ~/.rpmmacros file
# vim ~/.rpmmacros
#
# %_signature => This will always be gpg
# %_gpg_path => Enter full path to .gnupg in your home directory
# %_gpg_name => Use the Real Name you used to create your key
#               (it must match the uid of the signing key; for the key listed in step 2 that is FeiTian)
# %_gpgbin => run `which gpg` (without ` marks) to get full path
%_signature gpg
%_gpg_path /root/.gnupg
%_gpg_name Fernando Aleman
%_gpgbin /usr/bin/gpg

5) Sign the packages you built
rpm --addsign git-1.7.7.3-1.el6.x86_64.rpm
or
rpm --addsign *.rpm
Compared with the unsigned file, the signed file only has some information added to (or changed in) the file header; it is 344 bytes larger after signing.

6) During the rpm build you can pass --sign to get a signed rpm package directly
rpmbuild -ba --sign SPECS/hello.spec

For whoever downloads the rpm:

1) Import the publisher's public key RPM-GPG-KEY
sudo rpm --import RPM-GPG-KEY

2) Verify the list of gpg public keys in RPM DB
rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

3) The signature can only be verified after the public key has been imported successfully (look for 'gpg OK'; the output below comes from a Chinese locale, where 确定 is the localized OK)
[root@localhost GPG]# rpm --checksig /usr/local/hello-0.1-1.x86_64.rpm
/usr/local/hello-0.1-1.x86_64.rpm: rsa sha1 (md5) pgp md5 确定

Otherwise the check is reported as failed (不正确 is the localized NOT OK)
[root@localhost GPG]# rpm --checksig /usr/local/hello-0.1-1.x86_64.rpm
/usr/local/hello-0.1-1.x86_64.rpm: RSA sha1 (MD5) PGP md5 不正确
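
Added example (not part of the original post or the referenced gist): a POSIX shell gate for download-side step 3 that classifies rpm --checksig output instead of reading it by eye. The function names and the sample lines in the comments are constructed for illustration; the script forces the C locale so the verdict reads OK / NOT OK rather than a translation, and it treats a digest-only OK line as unsigned.

```shell
#!/bin/sh
# Added example: gate on the output of `rpm --checksig`.
# Function names are hypothetical; sample lines in comments are constructed.

# classify_checksig LINE -> prints SIGNED_OK, UNSIGNED or FAIL
#   "pkg.rpm: rsa sha1 (md5) pgp md5 OK"      -> SIGNED_OK
#   "pkg.rpm: RSA sha1 (MD5) PGP md5 NOT OK"  -> FAIL (bad signature or key not imported)
#   "pkg.rpm: sha1 md5 OK"                    -> UNSIGNED (digests only)
classify_checksig() {
    result=${1#*: }                 # drop the "path: " prefix
    case $result in
        *"NOT OK"*) echo FAIL; return 0 ;;
        *OK) ;;                     # C-locale success verdict
        *) echo FAIL; return 0 ;;   # anything else, e.g. a localized verdict
    esac
    # Digests alone say nothing about the publisher: require a signature
    # token. "signatures" is what newer rpm releases print instead.
    case " $result " in
        *" pgp "*|*" gpg "*|*" rsa "*|*" dsa "*|*" signatures "*) echo SIGNED_OK ;;
        *) echo UNSIGNED ;;
    esac
}

# verify_rpm FILE -> exit status 0 only for a signed package that verifies
verify_rpm() {
    # LC_ALL=C keeps the verdict as OK / NOT OK whatever the user's locale is.
    line=$(LC_ALL=C rpm --checksig "$1" 2>/dev/null) || true
    verdict=$(classify_checksig "$line")
    printf '%s: %s\n' "$1" "$verdict"
    [ "$verdict" = "SIGNED_OK" ]
}

# Usage: sh verify-rpm.sh hello-0.1-1.x86_64.rpm [more.rpm ...]
for f in "$@"; do
    verify_rpm "$f" || exit 1
done
```

An unsigned package still prints an OK line because its digests match, which is why the script looks for a signature token and not just for OK.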