Re: [package-drone-dev] Looking to Implement RPM signing service

Hi Walter,

I am really sorry for the late reply.

I think a good approach to that would be to:
a) create a new virtual artifact, which takes the original (unsigned) RPM and attaches a virtual artifact as a child. The virtual artifact being the signed RPM
b) extract the information of the signature into the metadata (no matter if this is a virtual artifact or a real one)
c) enhance the yum repository plugin to allow ignoring unsigned RPMs.

With this setup you would end up with a YUM repository of only signed RPMs. And RPMs would get either signed externally, or by package drone.

I hope this helps



On Tue, May 14, 2019 at 6:48 PM Walker Funk <walker.funk@xxxxxxxxxxx> wrote:
Would like to implement an RPM signing service in addition to the yum repository signing service. I know this was in the works at some point, has any work been done in regards to this feature? Where might be a good place to start with this?

Jens Reimann
Principal Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
phone: +49 89 2050 71286

Red Hat GmbH,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Tom Savage, Michael O'Neill
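
The check that steps b) and c) of the reply depend on, sketched as an added example that is not part of the original message and is not Package Drone code: read an RPM's signature header, record which signature tags it carries as metadata, and keep only signed RPMs. The metadata keys (`rpm.signed`, `rpm.signature.types`), the function names and the sample byte strings are assumptions made for illustration; the tag numbers are those of the RPM file format.

```python
import struct

LEAD_SIZE = 96
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8\x01"
# Signature-header tags that hold an OpenPGP signature (RPM file format values).
SIGNATURE_TAGS = {267: "RPMSIGTAG_DSA", 268: "RPMSIGTAG_RSA",
                  1002: "RPMSIGTAG_PGP", 1005: "RPMSIGTAG_GPG"}


def signature_metadata(rpm: bytes) -> dict:
    """Return metadata (hypothetical keys) naming the signature tags an RPM carries.

    Presence only: nothing here verifies a signature against a key.
    """
    if len(rpm) < LEAD_SIZE + 16 or rpm[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM: bad lead")
    magic, _reserved, nindex, hsize = struct.unpack_from(">4s4sII", rpm, LEAD_SIZE)
    if magic != HEADER_MAGIC:
        raise ValueError("signature header magic missing")
    index_start = LEAD_SIZE + 16
    if index_start + 16 * nindex + hsize > len(rpm):
        raise ValueError("truncated signature header")
    found = set()
    for i in range(nindex):
        tag, _type, offset, count = struct.unpack_from(">IIII", rpm, index_start + 16 * i)
        if tag in SIGNATURE_TAGS:
            if offset + count > hsize:  # BIN entries: count is the byte length
                raise ValueError("signature entry outside data store")
            found.add(SIGNATURE_TAGS[tag])
    return {"rpm.signed": bool(found), "rpm.signature.types": sorted(found)}


def signed_only(artifacts: dict) -> list:
    """Names a repository view would keep when it ignores unsigned RPMs."""
    return sorted(n for n, d in artifacts.items() if signature_metadata(d)["rpm.signed"])


def _sample_rpm(entries):
    """Build a constructed lead + signature header (no real package content)."""
    index, store = b"", b""
    for tag, data in entries:
        index += struct.pack(">IIII", tag, 7, len(store), len(data))  # 7 = RPM_BIN_TYPE
        store += data
    header = HEADER_MAGIC + b"\x00" * 4 + struct.pack(">II", len(entries), len(store))
    return LEAD_MAGIC + b"\x00" * (LEAD_SIZE - 4) + header + index + store


# Constructed samples: the signature bytes are placeholders, not real OpenPGP packets.
UNSIGNED = _sample_rpm([(1004, b"\x00" * 16)])                       # MD5 digest only
SIGNED = _sample_rpm([(1004, b"\x00" * 16), (268, b"\x01" * 64)])    # digest + RSA tag
```

A repository that should serve only trustworthy packages would still verify each signature against an approved key; a tag being present says only that some signature was attached.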
