I have been playing around with building RPM packages today on CentOS because I needed to upgrade curl and the latest version available on CentOS didn’t have the features I needed to use. One of the things that had come h up during the RPM build process and the RPM package installation process using yum was the fact that your RPM packages should be signed. Signing RPM packages gives them some validity and will allow others to install them without having to modify their yum.conf file. Below I describe how to generate a GPG key to be used to sign RPM packages created using the rpmbuild command. First below is a message that will be received when attempting to install unsigned packages using yum with the default yum configuration.