Verifying sources against gpg signature during RPM build ?
A number of packages that I maintain have GPG signatures provided alongside
the sources for new releases. Is there any best pratice approach / RPM macro
magic for verifying the GPG signature of sources during build, or are
packagers just (re)inventing the wheel each time ?
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|