Wider exposure of the Sequoia backend taught us that OpenPGP v3 signatures are 
surprisingly common still in the rpm-ecosystem, and in fact more common than v4 
signatures. It's a bit surprising, considering that gnupg has defaulted to 
creating v4 signatures since 1.4.8 from late 2007, and gnupg2 refuses to create 
them at all.

For future reference, the sample package here was signed with

   rpmsign --addsign --rpmv3 \
        --digest-algo=sha256 \
        --key-id=r...@rpm.org \
        --define "__gpg /usr/bin/gpg1" \
        --define "_gpg_sign_cmd_extra_args --force-v3-sigs" \
        /tmp/hello-2.0-1.x86_64.rpm

The two defines are the key to creating OpenPGP v3 signatures in 2022, the. 
Note that the --rpmv3 switch has absolutely nothing to do with OpenPGP v3 
signatures; it's there to force *rpm* v3 signatures on the package, similar 
to the other signed sample package.

Fixes: #2276
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/2290

-- Commit Summary --

  * Add some basic tests for OpenPGP v3 signatures

-- File Changes --

    A tests/data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm (0)
    M tests/rpmsigdig.at (69)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/2290.patch
https://github.com/rpm-software-management/rpm/pull/2290.diff

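To tell the two signature versions discussed above apart on the wire, here is an added example (not part of the pull request or of rpm's code): a minimal Python reader for the leading fields of an OpenPGP signature packet as laid out in RFC 4880 section 5.2. The function name, the partial hash-algorithm table and the sample bytes are constructed for illustration.

```python
import struct

HASH_ALGOS = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}

def parse_sig_packet(data: bytes) -> dict:
    """Return the leading fields of one OpenPGP signature packet (RFC 4880, 5.2)."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:                                  # new-format header
        tag, first = data[0] & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + int.from_bytes(data[2:3], "big") + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not handled")
    else:                                               # old-format header
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        n = 1 << ltype                                  # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    if tag != 2:
        raise ValueError(f"packet tag {tag} is not a signature")
    body = data[off:off + length]
    if len(body) != length or length < 6:
        raise ValueError("truncated signature packet")
    if body[0] == 3:                                    # v3: fixed layout, key ID inline
        if length < 17 or body[1] != 5:
            raise ValueError("malformed v3 signature")
        sig_type, created, key_id, pk, h = struct.unpack(">BI8sBB", body[2:17])
        return {"version": 3, "sig_type": sig_type, "created": created,
                "key_id": key_id.hex(), "pubkey_algo": pk,
                "hash_algo": HASH_ALGOS.get(h, str(h))}
    if body[0] == 4:                                    # v4: metadata lives in subpackets
        sig_type, pk, h, hashed_len = struct.unpack(">BBBH", body[1:6])
        return {"version": 4, "sig_type": sig_type, "pubkey_algo": pk,
                "hash_algo": HASH_ALGOS.get(h, str(h)), "hashed_len": hashed_len}
    raise ValueError(f"unsupported signature version {body[0]}")

# Constructed samples: header fields only, with a stub in place of a real RSA MPI.
_V3_BODY = (bytes([3, 5, 0x00]) + struct.pack(">I", 1667260800)
            + bytes.fromhex("1122334455667788") + bytes([1, 8]) + b"\xab\xcd\x00\x08\xff")
SAMPLE_V3 = b"\x89" + len(_V3_BODY).to_bytes(2, "big") + _V3_BODY   # old format, 2-octet length
_V4_BODY = bytes([4, 0x00, 1, 8]) + b"\x00\x00\x00\x00" + b"\xab\xcd\x00\x08\xff"
SAMPLE_V4 = bytes([0xC2, len(_V4_BODY)]) + _V4_BODY                 # new format
```

The v3 branch reads the signer key ID and creation time directly from fixed offsets; in v4 those values are carried in subpackets, which this reader does not walk.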