From: Dan Anderson <root@danx.ct.scom>
Subject: Signing RPMS HOWTO (Undocumented RPM Secrets)
Date: Wed, 23 Jun 1999 06:25:44 +0000

RedHat's 6.0 Documentation for RPM 2.0 is not only incomplete--it's
inaccurate.

I filed this as bugzilla bug 3638
(http://developer.redhat.com/bugzilla/).
But I thought that while we're waiting a few years for it to be corrected,
I'd summarize below.
- Dan

Basically, almost everything that used to be in /etc/rpmrc
(except include, macrofiles, optflags, & provides) now goes in file
/etc/rpm/macros.
This is documented NOWHERE but in the source code!!!

Also, if you use rpm --sign, it is now BROKEN.
To fix it (also UNDOCUMENTED), add this secret statement to file
/etc/rpm/macros:
    %_pgpbin /usr/local/bin/pgp
(or wherever your pgp is located).
You must also have another file in the same directory named "pgp26"
or "pgp50", depending on whether you are using PGP 2.6.x or PGP 5.x
(another undocumented secret).
That is,
ln -s /usr/local/bin/pgp /usr/local/bin/pgp26
or
ln -s /usr/local/bin/pgp /usr/local/bin/pgp50

Next, you need your .pgp directory set up and have the directory and
files owned by root or whatever user ID you set up the RPMs with.

Here's my /etc/rpmrc:
#/etc/rpmrc
optflags: i386 -O2 -m486 -fno-strength-reduce
optflags: alpha -O2
optflags: sparc -O2

Here's my /etc/rpm/macros:
%_signature pgp
%_pgp_path /etc/rpm/.pgp
%_pgpbin /usr/local/bin/pgp
%_pgp_name "Dan Anderson <danx@cts.com>"
%_vendor: Dan E. Anderson http://dan.pmbc.com/
%_packager: Dan E. Anderson <danx#cts.com>
%_distribution: Dan E. Anderson http://dan.pmbc.com/

Here's my /etc/rpm/.pgp directory (sorry, no content--some are secret!):

[/etc/rpm/.pgp]# ls -la
total 22
drwx------   2 root     root         1024 Jun 22 20:06 ./
drwxr-x---  27 root     root         2048 Jun 22 23:16 ../
-rw-------   1 root     root         4002 Jun 22 09:22 config.txt
-rw-------   1 root     root          582 Jun 22 12:57 dan.asc
-r--------   1 root     root         5802 Sep  2  1994 keys.asc
-rw-r--r--   1 root     root           77 Dec 22  1998 pgp.cfg
-rw-------   1 root     root         4833 Jun 22 12:52 pubring.pgp
-rw-------   1 root     root          408 Jun 22 22:26 randseed.bin
-r--------   1 root     root          668 Jun 22 12:52 secring.pgp
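
As an added example (not code from this mail or from rpm), here is a POSIX shell preflight check for the rpm --sign setup described above: it reads %_pgpbin and %_pgp_path from a macros file and verifies the undocumented requirements (the pgp binary, its pgp26/pgp50 companion, and a private, correctly owned .pgp directory). The helper names check_sign_setup and make_demo_layout are my own, and the fixture uses a fake pgp binary so it runs without PGP installed.

```shell
#!/bin/sh
# Preflight check for the rpm --sign setup (added example, not from the mail).
# Reads %_pgpbin and %_pgp_path from a macros file and verifies: the pgp
# binary exists, a pgp26 or pgp50 companion sits beside it, and the keyring
# directory is mode 700 and owned by the signing user.

check_sign_setup() {   # args: macros_file expected_owner
    macros=$1 owner=$2
    pgpbin=$(awk '$1 == "%_pgpbin"   { print $2 }' "$macros")
    pgppath=$(awk '$1 == "%_pgp_path" { print $2 }' "$macros")
    [ -n "$pgpbin" ] || { echo "no %_pgpbin in $macros" >&2; return 1; }
    [ -x "$pgpbin" ] || { echo "%_pgpbin $pgpbin is not executable" >&2; return 1; }
    bindir=$(dirname "$pgpbin")
    # rpm execs the version-suffixed name (pgp26 / pgp50), not %_pgpbin itself
    [ -x "$bindir/pgp26" ] || [ -x "$bindir/pgp50" ] ||
        { echo "need $bindir/pgp26 or $bindir/pgp50 next to $pgpbin" >&2; return 1; }
    [ -n "$pgppath" ] || { echo "no %_pgp_path in $macros" >&2; return 1; }
    [ -d "$pgppath" ] || { echo "$pgppath is not a directory" >&2; return 1; }
    # secring.pgp lives here: insist on mode 700 and the signing user as owner
    [ -n "$(find "$pgppath" -prune -perm 0700 -user "$owner" -print)" ] ||
        { echo "$pgppath must be mode 700 and owned by $owner" >&2; return 1; }
    echo "rpm --sign setup in $macros is complete"
}

# Constructed fixture (no real PGP involved): a fake pgp binary, its pgp26
# symlink, a private .pgp directory and a macros file pointing at them.
# base_dir must be an absolute path.
make_demo_layout() {   # arg: base_dir
    base=$1
    mkdir -p "$base/bin" "$base/.pgp" && chmod 700 "$base/.pgp"
    printf '#!/bin/sh\nexit 0\n' > "$base/bin/pgp" && chmod 755 "$base/bin/pgp"
    ln -sf "$base/bin/pgp" "$base/bin/pgp26"
    cat > "$base/macros" <<EOF
%_signature pgp
%_pgp_path $base/.pgp
%_pgpbin $base/bin/pgp
%_pgp_name "Example Signer <signer@example.invalid>"
EOF
}

# Stand-alone demonstration on a throwaway directory
demo=$(mktemp -d) && make_demo_layout "$demo" && check_sign_setup "$demo/macros" "$(id -un)"
rm -rf "$demo"
```

On a real host, run check_sign_setup against /etc/rpm/macros (or ~/.rpmmacros) with the user the RPMs are signed as.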

+Cc: danx@cts.com, bugzilla-owner@redhat.com
+Summary: rpm --sign setup misdocumented/not documented
+
+I was trying to create rpms for the rhcn Contrib|Net.
+However, lots of things are misdocumented/not documented.
+I had to add debug to the rpm source to find how to use it.
+Please correct!!!!!!!!
+
+1. /usr/man/man8/rpm.8 (section PGP_SIGNATURES)
+1a. The "pgp" must be on the same line as %_signature
+1b. Same with %_pgp_name
+1c. Same with %pgp_name
+1d. %_pgp_name's value is missing the initial double quote
+(")
+
+2. Add a line in the man page
+%_pgpbin /usr/local/bin/pgp
+(or wherever pgp is located)
+Also another file must exist with the version appended in
+the same directory.
+E.g., /usr/local/bin/pgp26 or /usr/local/bin/pgp50
+(Ref: pgp source file lib/signature.c)
+
+3. File /usr/doc/rpm-3.0.1/signatures
+3a. Change references to rpmrc to
+ "/etc/rpm/macros or ~/.rpmmacros"
+3b. Change "signature" to "%_signature"
+3c. Change "pgp_name" to "%_pgp_name"
+3d. Add "%_pgpbin"