[Rpm-metadata] detached gpg signature on repomd.xml
Christoph Thiel
cthiel at suse.de
Mon Aug 28 12:41:28 UTC 2006
On Mon, 28 Aug 2006, seth vidal wrote:
> > > Oh - in that case:
> > > do you already have any code you'd like to share? :)
> >
> > Quoting http://en.opensuse.org/Secure_Installation_Sources
> >
> > "This is very simple to do:
> >
> > cd <repository directory>
> > createrepo .
> > gpg -a --detach-sign repodata/repomd.xml
> >
> > You can also use -b instead of --detach-sign for it is shorter.
> >
> > To supply your GPG key right with the source:
> >
> > gpg -a --export <your key id> > repodata/repomd.xml.key"
> >
>
> I actually meant on the verification end, not on the signing side.
>
> sorry, I realized that wasn't clear.
Well, we have the code in libzypp -- but that's C++.
Regards
Christoph
More information about the Rpm-metadata
mailing list