# Readme

This repository hosts the public GPG key used for signing RPM packages provided by [Your Project Name]. The key is made available for users to import and verify the authenticity and integrity of our distributed RPMs.

## Purpose
- **Public GPG Key Distribution**: The primary file here is `RPM-GPG-KEY-[yourproject].asc`, which you can import to trust and verify RPM packages from our forge or repository.
- This repo is public to allow easy access to the key via a direct URL. For the actual RPM packages, refer to our main project repository or download site at [link to your RPM repo or forge page, e.g., https://github.com/yourusername/your-rpm-repo/releases].

## How to Import the GPG Key
To verify our RPM packages, import this public key on your system. Use the direct raw URL for the key file.

### Via Command Line (Recommended for RPM-based systems like Fedora, RHEL, CentOS)
1. Import the key:

```bash
  sudo rpm --import https://gitea.confdroid.com/confdroid/confdroid-package-management/src/branch/master/keys/RPM-GPG-KEY-public.asc
  ```

2. Verify an RPM package after download:

```bash
  rpm --checksig path/to/your-package.rpm
```
It should report "OK" if the signature matches.

### Via GPG (For manual verification or non-RPM systems)
1. Download the key:

```bash
   curl -O https://gitea.confdroid.com/confdroid/confdroid-package-management/src/branch/master/keys/RPM-GPG-KEY-public.asc
```
2. To fetch from a keyserver (if published):
```bash
   gpg --keyserver keys.openpgp.org --recv-keys 3. To fetch from a keyserver (if published):
```