Red Hat Enterprise Linux 5 Administration Unleashed

148CHAPTER 5Working with RPM SoftwareRefer to the “Installing Software” section in this chapter for instructions on verifying thatthe key is imported.Now the rpm utility must be set up to use this new key when signing packages. First,determine the unique GPG name given to the key by executing the following commandas root:gpg --list-keysThe output looks similar to the following, and the unique GPG name you need to lookfor is after the slash on the line starting with sub:/root/.gnupg/pubring.gpg------------------------pub 1024D/AADA3407 2007-02-28uidTCBF Computers (TCBF) sub 2048g/1A85EDF8 2007-02-28In our example, 1A85EDF8 is the name you need to reference. In the /root/.rpmmacrosfile, include the following lines (replace the name with your GPG name):%_signature gpg%_gpg_name 1A85EDF8To sign a package, execute the following as root:rpm --resign Enter the passphrase used to generate the key when prompted. If you enter the correctpassphrase for the GPG key named in the /root/.rpmmacros file, the message Passphrase is good is displayed.Testing the PackageAfter building and signing the RPM, install it on a test system to be sure all the files areinstalled and it performs as expected. First, check the signature on the package with therpm -K command. Remember to import your own key as described in theprevious section before checking the signature. If the package has not been modified orcorrupted since it was signed, the output will include the phrase md5 gpg OK:startvpn-1.1-1.noarch.rpm: (sha1) dsa sha1 md5 gpg OKIf the package is not signed, the output will include output such as:NOT OKIf you haven’t imported the corresponding public key, the following is displayed:MISSING KEYS