Importing Custom Gpg Keys - Red Hat NETWORK 4.1.0 - CLIENT Configuration Manual

Client configuration

Chapter 4.

Importing Custom GPG Keys

For customers who plan to build and distribute their own RPMs securely, it is strongly
recommended that all custom RPMs are signed using GNU Privacy Guard (GPG). Generating
GPG keys and building GPG-signed packages are covered in the Red Hat Network
Channel Management Guide.
Once the packages are signed, the public key must be deployed on all systems importing
these RPMs. This task has two steps: first, create a central location for the public key so
that clients may retrieve it, and second, add the key to the local GPG keyring for each
system.
The first step is common and may be handled using the website approach recommended
for deploying RHN client applications. (Refer to Section 2.1 Deploying the Latest Red Hat
Network Client RPMs.) To do this, create a public directory on the Web server and place
the GPG public key in it:
cp /some/path/YOUR-RPM-GPG-KEY /var/www/html/pub/
The key can then be downloaded by client systems using Wget:
wget -O- -q http://your_proxy_or_sat.your_domain.com/pub/YOUR-RPM-GPG-KEY
The -O- option sends results to standard output while the -q option sets Wget to run in
quiet mode. Remember to replace the YOUR-RPM-GPG-KEY variable with the filename
of your key.
Once the key is available on the client file system, import it into the local GPG keyring.
Different operating systems require different methods.
For Red Hat Enterprise Linux 3 or newer, use the following command:
rpm --import /path/to/YOUR-RPM-GPG-KEY
For Red Hat Enterprise Linux 2.1, use the following command:
gpg $(up2date --gpg-flags) --import /path/to/YOUR-RPM-GPG-KEY
Once the GPG key has been successfully added to the client, the system should be able to
validate custom RPMs signed with the corresponding key.
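The download-and-import steps above, as an added example that is not part of the Red Hat manual: because the key is fetched over plain HTTP, the script compares its fingerprint with a value obtained out of band before calling rpm --import. The function names, KEY_URL and EXPECTED_FPR are assumptions, and the script assumes a GnuPG release that supports --show-keys.

```shell
#!/bin/sh
# Added example: fetch a custom RPM signing key, check its fingerprint, then
# import it. KEY_URL and EXPECTED_FPR are placeholders (assumptions); the
# expected fingerprint must come from a trusted channel, not the web server.

# Normalize a fingerprint: drop whitespace, uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin and print the primary key
# fingerprint (field 10 of the first "fpr" record).
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Usage: fetch_verify_import KEY_URL EXPECTED_FPR
# Returns 0 only if the key was downloaded, matched and imported.
fetch_verify_import() {
    url=$1
    want=$(normalize_fpr "$2")
    tmp=$(mktemp) || return 1

    if ! wget -q -O "$tmp" "$url"; then
        echo "download failed: $url" >&2
        rm -f "$tmp"; return 1
    fi

    # --show-keys only lists the key material; nothing is added to a keyring.
    got=$(gpg --show-keys --with-colons "$tmp" 2>/dev/null | fpr_from_colons)
    got=$(normalize_fpr "$got")

    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "fingerprint mismatch: got '$got', expected '$want'" >&2
        rm -f "$tmp"; return 1
    fi

    rpm --import "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Run only when both arguments are given on the command line.
if [ "$#" -eq 2 ]; then
    fetch_verify_import "$1" "$2"
fi
```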
