[Rpm-metadata] detached gpg signature on repomd.xml

Christoph Thiel cthiel at suse.de
Mon Aug 28 12:41:28 UTC 2006


On Mon, 28 Aug 2006, seth vidal wrote:

> > > Oh - in that case:
> > >   do you already have any code you'd like to share? :)
> > 
> > Quoting http://en.opensuse.org/Secure_Installation_Sources
> > 
> >   "This is very simple to do:
> > 
> >       cd <repository directory>
> >       createrepo .
> >       gpg -a --detach-sign repodata/repomd.xml
> > 
> >   You can also use -b instead of --detach-sign for it is shorter.
> > 
> >   To supply your GPG key right with the source:
> > 
> >       gpg -a --export <your key id> > repodata/repomd.xml.key"
> > 
> 
> I actually meant on the verification end, not on the signing side.
> 
> sorry, I realized that wasn't clear.

Well, we have the code in libzypp -- but that's C++.


Regards
	Christoph



More information about the Rpm-metadata mailing list