#SaferInternetDay – so let’s sign some things, like that new repository

It’s Safer Internet Day today. #giveasmile

Part of being safe on the Internet is making sure you know what you are downloading.. so let’s make sure that you’re downloading those Wireshark repositories using what I published, and not what someone else might have exchanged the files with the meantime.

We’ll create some GPG keys to support them, using information from Linuxsysconfig, below the fold.

So here goes, firstly create a key, and export the public block, importing it into the RPM tool

gpg --gen-key
gpg --export -a publisher > RPM-GPG-KEY-publisher@1310nm.net
sudo cp RPM-GPG-KEY-publisher@1310nm.net /etc/pki/rpm-gpg/
sudo rpm --import RPM-GPG-KEY-publisher@1310nm.net

Now configure RPM so that it can find the keys, and then re-sign the created RPMs, and update the repository information.

echo "%_signature gpg" > ~/.rpmmacros
echo "%_gpg_name publisher" >> ~/.rpmmacros
cd wireshark-2.2.4/packaging/rpm/RPMS/x86_64
rpm --resign *.rpm
createrepo --update .

And then enable the gpgcheck and gpgkey options in the repository file information. This is now updated in Building a Wireshark for CentOS 7, so everything should be using the published key versions now.