36 lines
1.4 KiB
Markdown
36 lines
1.4 KiB
Markdown
# Readme
|
|
|
|
This repository hosts the public GPG key used for signing RPM packages provided by Confdroid Package Management. The key is made available for users to import and verify the authenticity and integrity of our distributed RPMs.
|
|
|
|
## Purpose
|
|
- **Public GPG Key Distribution**: The primary file here is `RPM-GPG-KEY-public.asc`, which you can import to trust and verify RPM packages from our forge or repository.
|
|
- This repo is public to allow easy access to the key via a direct URL. For the actual RPM packages, refer to project repository in question.
|
|
|
|
## How to Import the GPG Key
|
|
To verify our RPM packages, import this public key on your system. Use the direct raw URL for the key file.
|
|
|
|
### Via Command Line (Recommended for RPM-based systems like Fedora, RHEL, CentOS)
|
|
1. Import the key:
|
|
|
|
```bash
|
|
sudo rpm --import https://gitea.confdroid.com/confdroid/confdroid-package-management/src/branch/master/keys/RPM-GPG-KEY-public.asc
|
|
```
|
|
|
|
2. Verify an RPM package after download:
|
|
|
|
```bash
|
|
rpm --checksig path/to/your-package.rpm
|
|
```
|
|
It should report "OK" if the signature matches.
|
|
|
|
### Via GPG (For manual verification or non-RPM systems)
|
|
1. Download the key:
|
|
|
|
```bash
|
|
curl -O https://gitea.confdroid.com/confdroid/confdroid-package-management/src/branch/master/keys/RPM-GPG-KEY-public.asc
|
|
```
|
|
2. To fetch from a keyserver (if published):
|
|
```bash
|
|
gpg --keyserver keys.openpgp.org --recv-keys 3. To fetch from a keyserver (if published):
|
|
```
|