RPM signing


#1

Hello,

Is it possible to get a version of the rpm package that has been gpg signed, or if it is not, posting the checksums of the packages somewhere on the site to verify against?

Thank you.


#2

Hmm, the yum repos are not signed (but the apt ones are?)
If you are using yum repos (http://sensuapp.org/docs/latest/packages)
you should be able to let Yum do checksumming for you.
http://repos.sensuapp.org/yum/el/6/noarch/repodata/repomd.xml (etc)
Or are you more concerned against comparing the checksum of things on
repos.sensuapp.org to the main sensuapp.org page?

···

On Tue, Aug 26, 2014 at 12:38 PM, Travis Graham <ttmartingraham@gmail.com> wrote:

Hello,

Is it possible to get a version of the rpm package that has been gpg signed,
or if it is not, posting the checksums of the packages somewhere on the site
to verify against?

Thank you.


#3

My main concern is comparing the checksums from repos.sensuapp.org to what is listed on the sensuapp.org page. My predicament is I cannot install software in my environment without being able to verify its integrity. Since the apt packages seemed to be signed I was hoping it would be a trivial matter to also start signing the rpm ones. However if the checksum for each package was posted on the site then I would be able to satisfy the requirements that way as well.

···

On Wednesday, August 27, 2014 5:07:51 AM UTC+1, Kyle Anderson wrote:

Hmm, the yum repos are not signed (but the apt ones are?)

If you are using yum repos (http://sensuapp.org/docs/latest/packages)

you should be able to let Yum do checksumming for you.

http://repos.sensuapp.org/yum/el/6/noarch/repodata/repomd.xml (etc)

Or are you more concerned against comparing the checksum of things on

repos.sensuapp.org to the main sensuapp.org page?

On Tue, Aug 26, 2014 at 12:38 PM, Travis Graham > > ttmarti...@gmail.com wrote:

Hello,

Is it possible to get a version of the rpm package that has been gpg signed,

or if it is not, posting the checksums of the packages somewhere on the site

to verify against?

Thank you.