Technology Insights

Generate A GPG Key To Sign RPM Packages Created Using rpmbuild On CentOS Linux

I have been playing around with building RPM packages today on CentOS because I needed to upgrade curl and the latest version available on CentOS didn’t have the features I needed to use. One of the things that had come up during the RPM build process and the RPM package installation process using yum was the fact that your RPM packages should be signed. Signing RPM packages gives them some validity and will allow others to install them without having to modify their yum.conf file. Below I describe how to generate a GPG key to be used to sign RPM packages created using the rpmbuild command. First, below is a message that will be received when attempting to install unsigned packages using yum with the default yum configuration.

Technology Errors

Yum Error: Package curl-7.20.0-1.i386.rpm is not signed, Install A Yum Package That Is Not Signed

Today I have been working on a project for work that involved accessing FTPS using curl. I needed the curl --libcurl switch which is not available in curl 7.15 so I needed to upgrade curl on the CentOS server I was working on. The problem is that there are not any repos with newer versions of curl available so then I set out to create my own curl RPM package. I was able to do this while learning many things along the way such as signing RPM packages. The first revision of my curl RPM package was not signed but I wanted to go ahead and install it anyway so below I explain installing unsigned RPM packages using yum.