Import a GPG key pair and use it to sign an RPM package.
Outcomes
Import a GPG key pair.
Sign an RPM package.
The comprehensive review labs are related exercises, and you can start with any lab in the sequence. If you reset your lab environment before your first comprehensive review lab, then you do not need to reset again. If you did not reset your lab environment after performing exercises from previous chapters, then you must reset your lab environment before starting any comprehensive review lab.
As the student user on the workstation machine, use the lab command to prepare your system for this exercise.
This command prepares your environment and ensures that all required resources are available.
[student@workstation ~]$ lab start compreview-gpg
Specifications
Import the GPG key pair from the /home/student/key.asc file in workstation.
Use testing123 as the passphrase.
Use that GPG key pair to sign the /home/student/sm-practice-1.0-1.el9.x86_64.rpm package.
Import the GPG key pair from the /home/student/key.asc file in workstation.
Use testing123 as the passphrase.
Import the GPG key pair from the key.asc file.
Enter the passphrase, testing123, when prompted.
[student@workstation ~]$ gpg --import key.asc
gpg: directory '/home/student/.gnupg' created
gpg: keybox '/home/student/.gnupg/pubring.kbx' created
gpg: /home/student/.gnupg/trustdb.gpg: trustdb created
gpg: key 3D1A2063E907DD14: public key "student <student@workstation.lab.example.com>" imported
gpg: key 3D1A2063E907DD14: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
List the key information.
View the uid name and email address of the key owner.
[student@workstation ~]$ gpg --fingerprint
/home/student/.gnupg/pubring.kbx
--------------------------------
pub rsa2048 2022-08-22 [SC]
670A 253D 0E8C 2E0F 3F50 99E8 3D1A 2063 E907 DD14
uid [ unknown] student <student@workstation.lab.example.com>
sub rsa2048 2022-08-22 [E]
Sign the /home/student/sm-practice-1.0-1.el9.x86_64.rpm RPM package with the GPG key pair.
Install the rpm-sign package.
[student@workstation ~]$ sudo dnf install rpm-sign
[sudo] password for student: student
...output omitted...
Create or modify the .rpmmacros file in the /home/student directory.
Set the %_gpg_name macro value to the GPG uid name and address from the previous command output.
[student@workstation ~]$ echo '%_gpg_name student <student@workstation.lab.example.com>' >> ~/.rpmmacros
Sign the sm-practice-1.0-1.el9.x86_64.rpm package.
Use testing123 as the passphrase.
[student@workstation ~]$ rpmsign --addsign sm-practice-1.0-1.el9.x86_64.rpm
sm-practice-1.0-1.el9.x86_64.rpm:
Verify the signature for the sm-practice-1.0-1.el9.x86_64.rpm package.
You can ignore the NOKEY warning message for this exercise. It means that although the package is signed, the signing key is not imported into the local RPM database.
[student@workstation ~]$ rpm -qip sm-practice-1.0-1.el9.x86_64.rpm
warning: sm-practice-1.0-1.el9.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID e907dd14: NOKEY
Name : sm-practice
Version : 1.0
Release : 1.el9
Architecture: x86_64
Install Date: (not installed)
Group : Unspecified
Size : 1304
License : BSC
Signature : RSA/SHA256, Tue 23 Aug 2022 02:48:00 AM EDT, Key ID 3d1a2063e907dd14
Source RPM : sm-practice-1.0-1.el9.src.rpm
Build Date : Mon 22 Aug 2022 09:59:04 AM EDT
Build Host : workstation.lab.example.com
Relocations : (not relocatable)
URL : http://workstation.lab.example.com
Summary : A simple program to practice building RPM packages
Description :
This program will function as a practice exercise for building an RPM package.
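Added example (not part of the original lab): the output above shows a short key ID (e907dd14) in the warning and a long key ID (3d1a2063e907dd14) on the Signature line, and both are the trailing digits of the fingerprint that gpg --fingerprint printed. The shell functions below, whose names are hypothetical, check that relation to confirm which key signed the package; the sample input is constructed from the output above.

```bash
#!/usr/bin/env bash
# Added example: confirm which GPG key signed an RPM by comparing the key ID
# that rpm reports with the fingerprint that gpg --fingerprint reports.
# Function names are hypothetical. Assumes the primary key made the signature,
# as on this page (pub is [SC], the only subkey is [E]).

# Fingerprint as printed by gpg (spaced groups) -> 40 lowercase hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f'
}

# Read `rpm -qip` output on stdin; print the key ID from the "Signature" line.
# Prints nothing when no signature line with a key ID is present.
sig_key_id() {
    sed -n 's/^Signature[[:space:]]*:.*Key ID \([0-9A-Fa-f]\{8,\}\)[[:space:]]*$/\1/p' |
        tr 'A-F' 'a-f' | head -n 1
}

# check_signer FINGERPRINT < rpm-qip-output
# 0: key ID is the tail of the fingerprint   1: signed by a different key
# 2: no signature found                      3: malformed fingerprint
check_signer() {
    fpr=$(normalize_fpr "$1")
    case "$fpr" in *[!0-9a-f]*) return 3 ;; esac
    [ "${#fpr}" -eq 40 ] || return 3
    kid=$(sig_key_id)
    [ -n "$kid" ] || return 2
    case "$fpr" in *"$kid") return 0 ;; *) return 1 ;; esac
}

# Constructed sample: lines taken from the rpm -qip output shown on this page.
sample_qip() {
    printf '%s\n' \
        'Name : sm-practice' \
        'Signature : RSA/SHA256, Tue 23 Aug 2022 02:48:00 AM EDT, Key ID 3d1a2063e907dd14' \
        'Source RPM : sm-practice-1.0-1.el9.src.rpm'
}

PAGE_FPR='670A 253D 0E8C 2E0F 3F50 99E8 3D1A 2063 E907 DD14'
if sample_qip | check_signer "$PAGE_FPR"; then
    echo "signed by $(normalize_fpr "$PAGE_FPR")"
fi
# Real use: rpm -qip sm-practice-1.0-1.el9.x86_64.rpm 2>/dev/null | check_signer "$PAGE_FPR"
```

A matching key ID only identifies the signer. Cryptographic verification requires the public key in the local RPM database, which is also what removes the NOKEY warning.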