1.5 KiB
1.5 KiB
Readme
This repository hosts the public GPG key used for signing RPM packages provided by [Your Project Name]. The key is made available for users to import and verify the authenticity and integrity of our distributed RPMs.
Purpose
- Public GPG Key Distribution: The primary file here is
RPM-GPG-KEY-[yourproject].asc, which you can import to trust and verify RPM packages from our forge or repository. - This repo is public to allow easy access to the key via a direct URL. For the actual RPM packages, refer to our main project repository or download site at [link to your RPM repo or forge page, e.g., https://github.com/yourusername/your-rpm-repo/releases].
How to Import the GPG Key
To verify our RPM packages, import this public key on your system. Use the direct raw URL for the key file.
Via Command Line (Recommended for RPM-based systems like Fedora, RHEL, CentOS)
- Import the key:
sudo rpm --import https://gitea.confdroid.com/confdroid/confdroid-package-management/src/branch/master/keys/RPM-GPG-KEY-public.asc
- Verify an RPM package after download:
rpm --checksig path/to/your-package.rpm
It should report "OK" if the signature matches.
Via GPG (For manual verification or non-RPM systems)
- Download the key:
curl -O https://gitea.confdroid.com/confdroid/confdroid-package-management/src/branch/master/keys/RPM-GPG-KEY-public.asc
- To fetch from a keyserver (if published):
gpg --keyserver keys.openpgp.org --recv-keys 3. To fetch from a keyserver (if published):