[Rpm-metadata] detached gpg signature on repomd.xml
seth vidal
skvidal at linux.duke.edu
Mon Aug 28 12:43:50 UTC 2006
On Mon, 2006-08-28 at 14:41 +0200, Christoph Thiel wrote:
> On Mon, 28 Aug 2006, seth vidal wrote:
>
> > > > Oh - in that case:
> > > > do you already have any code you'd like to share? :)
> > >
> > > Quoting http://en.opensuse.org/Secure_Installation_Sources
> > >
> > > "This is very simple to do:
> > >
> > > cd <repository directory>
> > > createrepo .
> > > gpg -a --detach-sign repodata/repomd.xml
> > >
> > > You can also use -b instead of --detach-sign for it is shorter.
> > >
> > > To supply your GPG key right with the source:
> > >
> > > gpg -a --export <your key id> > repodata/repomd.xml.key"
> > >
> >
> > I actually meant on the verification end, not on the signing side.
> >
> > sorry, I realized that wasn't clear.
>
> Well, we have the code in libzypp -- but that's C++.
>
>
ah, okay - I didn't know if you had added it to a yum pkg for suse or in
a plugin.
Thanks,
-sv
More information about the Rpm-metadata
mailing list