如何给rpm包签名

如何给rpm包签名

我们自己制作的rpm包，为了防止被篡改，一般要使用私钥进行签名，然后将公钥公布出去，下载使用软件包的话，可以通过公钥进行验证签名，从而确保文件的原始性。

   1.如何给 libmhash-0.9.1-1.src.rpm签名

#cp  libmhash-0.9.1-1.src.rpm  /usr/src

# cd /usr/src

#rpm -ivh libmhash-0.9.1-1.src.rpm

#cd ~/rpmbuild/SPECS

#rpmbuild -ba libmhash-0.9.1-1.spec

# cd RPMS/X86_64

#cp libmhash....X86_64.rpm /var/www/html

#cd /var/www/html

#gpg --gen-key

 

gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

 

gpg: keyring `/root/.gnupg/secring.gpg' created

Please select what kind of key you want:

   (1) RSA and RSA (default)

   (2) DSA and Elgamal

   (3) DSA (sign only)

   (4) RSA (sign only)

Your selection? 1                                                 #选择默认

RSA keys may be between 1024 and 4096 bits long.

What keysize do you want? (2048)                          #直接回车

Requested keysize is 2048 bits

Please specify how long the key should be valid.

      <0> = key does not expire

      <n>d = key expires in n days

      <n>w = key expires in n weeks

      <n>m = key expires in n months

      <n>y = key expires in n years

Key is valid for? (0)                                    #0代表永不过期

Key does not expire at all

Is this correct? (y/N) y                                 #确认

GnuPG needs to construct a user ID to identify your key.

 

Real name: stu180                                              #姓名

Email address:   stu180@163.com                      #邮箱

Comment: custom                                              #注释

You selected this USER-ID:

    "stu180(custom) <  stu180@163.com>"

 

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O    #大些字母O，确认

 

# gpg --list-key  #查看公钥和私钥

 

#echo "%_gpg_name 5CD51EB9(公钥)" >> ~/.rpmmacros   #修改rpm宏,使用我们的密钥对

#rpm --resign libmhash....X86_64.rpm                       #使用私钥进行签名。

#createrepo .     创建yum源。

# gpg --export -a   --export  5CD51EB9 -o ~/RPM-GPG-KEY-stu180   导出公钥

#scp ~/RPM-GPG-KEY-stu180   192.168.0.147:/tmp

 

在stu147

#rpm --import   /tmp/RPM-GPG-KEY-stu180

 

 

配置yum源

# cat /etc/yum.repos.d/server.repo  添加修改如下

[redhatlinux]

name=redhat

baseurl=http://192.168.0.180/

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-stu180

 

 

yum clean all

yum makecache

yum -y install libmhash*

可以正常的安装。

 

 

2. 对文件进行加密和解密

#echo  "linux redhat">stu120.txt

#gpg --import /tmp/RPM-GPG-KEY-stu180  导入180上的公钥

#gpg   --encrypt -a -r   CD51EB9 stu120.txt

#scp stu120.txt.asc  stu180:/tmp

 

在180上解密

#gpg --decrypt /tmp/stu120.txt.asc

 

 

 

 

转载于:https://blog.51cto.com/keygen/1123431