#SaferInternetDay – so let’s sign some things, like that new repository

It’s Safer Internet Day today.

Part of being safe on the is making sure you know what you are downloading.. so let’s make sure that you’re downloading those repositories using what I published, and not what someone else might have exchanged them with in the meantime.

We’ll create some keys to support them, using information from Linuxsysconfig, below the fold.

So here goes, firstly create a key, and export the public block, importing it into the tool

gpg --gen-key
gpg --export -a publisher > RPM-GPG-KEY-publisher@1310nm.net
sudo cp RPM-GPG-KEY-publisher@1310nm.net /etc/pki/rpm-gpg/
sudo rpm -- RPM-GPG-KEY-publisher@1310nm.net

Now configure RPM so that it can find the keys, and then re-sign the created RPMs, and update the information.

echo "%_signature gpg" > ~/.rpmmacros
echo "%_gpg_name publisher" >> ~/.rpmmacros
cd wireshark-2.2.4/packaging/rpm/RPMS/x86_64
rpm --resign *.rpm
createrepo --update .

And then enable the gpgcheck and gpgkey options in the repository file information. This is now in Building a Wireshark for CentOS 7, so everything should be using the published key versions now.