Re: Signing built RPMs or how to create signed RPMs.

> > Hi Allen! > > You might want to look at the following post: > > http://www.mail-archive.com/fedora-buildsys-list@redhat.com/ms g02187.html > > -of Hi Oliver, Thanks for link. I had not come across this thread. It would appear that currently there isn't any method to sign RPMs within koji or mash. You can import prebuilt RPMs with signatures into Koji. I don't know much about importing RPMs into koji because I haven't had a need. Do the Fedora guys use the sign_unsigned.py script for the official Fedora yum repos? If so, how do they use mash? Because it looks to me that if you use this script, it does one of the steps mash does; fetching RPMs out of koji tags. I would have guessed that the Fedora guys generate their yum repos via mash from koji tags and then sign RPMs. I'd have to modify this script to suit my needs, but I think I could do it. It also looks like it relies on a newer version of RPM, the rpm command for key size == 4096 is one spot I noticed. Also, I have to enter a passphrase when I sign my RPMs but this script doesn't have any provisions for that. Is there a way to make rpm --resign not prompt for a passphrase? Has there been any talk about adding RPM signing to mash? It seems like that'd be a good place for it.