Digital Signatures for RHN Packages; Generating a GnuPG Keypair - Red Hat NETWORK SATELLITE 5.3.0 - CHANNEL MANAGEMENT Management Manual


10. Any pre-install, post-install, pre-uninstall, and post-uninstall scripts should never write anything to
stderr or stdout. Redirect the messages to /dev/null if they are not necessary. Otherwise, write
them to a file.
11. When creating the spec file, use the group definitions from /usr/share/doc/rpm-<version>/
GROUPS. If there is not an exact match, select the next best match.
12. Use the RPM dependency feature to make sure the program runs after it is installed.
Important
Do not create an RPM by archiving files and then unarchiving them in the post-install
script. This defeats the purpose of RPM.
If the files in the archive are not included in the file list, they cannot be verified or examined for
conflicts. In the vast majority of cases, RPM itself can pack and unpack archives most effectively
anyway. For instance, do not create files in a %post that you do not clean up in a %postun section.
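
The shell function below is an added example, not part of the Red Hat manual: it scans a spec file for archive-extraction commands inside the %pre, %post, %preun and %postun scriptlets, the pattern the note above warns against. The function name lint_scriptlets, the list of extraction commands and the sample spec are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag RPM scriptlets that unpack archives at install time.
# Files created this way are absent from %files, so RPM cannot verify them.

# Constructed sample spec fragment (not taken from any real package).
SPEC_SAMPLE='Name: example-app
Version: 1.0
%description
Constructed sample package.
%install
tar -xzf payload.tar.gz -C %{buildroot}
%post
tar -xzf /usr/share/example-app/payload.tar.gz -C /opt/example-app >/dev/null 2>&1
%postun
rm -rf /opt/example-app
%files
/usr/share/example-app/payload.tar.gz'

# Assumed list of extraction commands; extend it to match local policy.
EXTRACTORS='(^|[ \t;&|/])(tar|unzip|cpio|gunzip|bunzip2)([ \t]|$)'

# lint_scriptlets: read a spec file on stdin and print
# "scriptlet:line: text" for each extraction command found in a scriptlet.
# Prints nothing when the spec is clean.
lint_scriptlets() {
    awk -v pat="$EXTRACTORS" '
        # The four scriptlets named in the packaging guidelines open a section.
        /^%(pre|post|preun|postun)([ \t]|$)/ { section = substr($1, 2); next }
        # Any other known spec section ends the current scriptlet.
        /^%(description|prep|build|install|check|clean|files|changelog|package)([ \t]|$)/ {
            section = ""; next
        }
        # Inside a scriptlet, report lines that invoke an extractor.
        section != "" && $0 ~ pat { printf "%s:%d: %s\n", section, NR, $0 }
    '
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SPEC_SAMPLE" | lint_scriptlets
```

The tar call in %install is not reported because build-time extraction ends up in the file list; only extraction that happens on the target system is flagged.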

3.2. Digital Signatures for RHN Packages

All packages distributed through RHN should have a digital signature. A digital signature is created
with a unique private key and can be verified with the corresponding public key. After creating a
package, the SRPM (Source RPM) and the RPM can be digitally signed with a GnuPG key. Before the
package is installed, the public key is used to verify the package was signed by a trusted party and the
package has not changed since it was signed.

3.2.1. Generating a GnuPG Keypair

A GnuPG keypair consists of the private and public keys. To generate a keypair, type the following
command as the root user at the shell prompt:
gpg --gen-key
If you execute this command as a non-root user, you see the following message:
gpg: Warning: using insecure memory!
This message appears because non-root users cannot lock memory pages. Since you do not want
anyone else to have your private GnuPG key or your passphrase, you want to generate the keypair as
root. The root user can lock memory pages, which means the information is never written to disk.
After executing the command to generate a keypair, you see an introductory screen containing key
options similar to the following:
gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software
Foundation, Inc.
This program comes with ABSOLUTELY NO
WARRANTY. This is free software, and you are welcome to