关于GPG,可以参考这里。
列出keys
# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/98681A63 2014-07-15
uid yinye (yinye's key) <yy@xspring.net>
sub 2048R/5A1B2B28 2014-07-15
导出public key
这样,别人就可以导入,然后验证你签名的rpm package了。
# gpg --export --armor yy@xspring.net > yy.asc
备份private key
# gpg --export-secret-keys --armor yy@xspring.net > yy_private.asc
检查rpm包的签名
# rpm -K ceph-deploy-1.5.9-0.noarch.rpm
ceph-deploy-1.5.9-0.noarch.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#98681a63)
检查rpm包的完整性(下载过程中是否损坏)
# rpm -K --nosignature ceph-deploy-1.5.9-0.noarch.rpm
ceph-deploy-1.5.9-0.noarch.rpm: sha1 md5 OK
导入public key
rpm --import 'https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc'
列出public key
# rpm -qa gpg-pubkey*
gpg-pubkey-03c3951a-51149b56
gpg-pubkey-baadae52-49beffa4
gpg-pubkey-c105b9de-4e0fd3a3
gpg-pubkey-17ed316d-4fb96ee8
gpg-pubkey-0608b895-4bd22942
# rpm -qa gpg-pubkey* --qf "%{name}-%{version}-%{release}-%{summary}\n"
gpg-pubkey-03c3951a-51149b56-gpg(Ceph automated package build (Ceph automated package build) <sage@newdream.net>)
gpg-pubkey-baadae52-49beffa4-gpg(elrepo.org (RPM Signing Key for elrepo.org) <secure@elrepo.org>)
gpg-pubkey-c105b9de-4e0fd3a3-gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>)
gpg-pubkey-17ed316d-4fb96ee8-gpg(Ceph Release Key <sage@newdream.net>)
gpg-pubkey-0608b895-4bd22942-gpg(EPEL (6) <epel@fedoraproject.org>)
查看public key的详细信息
# rpm -qi gpg-pubkey-03c3951a-51149b56
主要参考
-
https://fedoraproject.org/wiki/Creating_GPG_Keys