36 lines
1.5 KiB
Markdown
36 lines
1.5 KiB
Markdown
# Readme
|
|
|
|
This repository hosts the public GPG key used for signing RPM packages provided by [Your Project Name]. The key is made available for users to import and verify the authenticity and integrity of our distributed RPMs.
|
|
|
|
## Purpose
|
|
- **Public GPG Key Distribution**: The primary file here is `RPM-GPG-KEY-[yourproject].asc`, which you can import to trust and verify RPM packages from our forge or repository.
|
|
- This repo is public to allow easy access to the key via a direct URL. For the actual RPM packages, refer to our main project repository or download site at [link to your RPM repo or forge page, e.g., https://github.com/yourusername/your-rpm-repo/releases].
|
|
|
|
## How to Import the GPG Key
|
|
To verify our RPM packages, import this public key on your system. Use the direct raw URL for the key file.
|
|
|
|
### Via Command Line (Recommended for RPM-based systems like Fedora, RHEL, CentOS)
|
|
1. Import the key:
|
|
|
|
```bash
|
|
sudo rpm --import https://gitea.confdroid.com/confdroid/confdroid-package-management/src/branch/master/keys/RPM-GPG-KEY-public.asc
|
|
```
|
|
|
|
2. Verify an RPM package after download:
|
|
|
|
```bash
|
|
rpm --checksig path/to/your-package.rpm
|
|
```
|
|
It should report "OK" if the signature matches.
|
|
|
|
### Via GPG (For manual verification or non-RPM systems)
|
|
1. Download the key:
|
|
|
|
```bash
|
|
curl -O https://gitea.confdroid.com/confdroid/confdroid-package-management/src/branch/master/keys/RPM-GPG-KEY-public.asc
|
|
```
|
|
2. To fetch from a keyserver (if published):
|
|
```bash
|
|
gpg --keyserver keys.openpgp.org --recv-keys 3. To fetch from a keyserver (if published):
|
|
```
|