Packages must be uploaded to your private channel as root and must be digitally signed by
the uploader.
Create the GnuPG directory:
[root@dhcp ~]# mkdir ~/.gnupg
Then generate a key pair:
[root@dhcp ~]# gpg --gen-key
Select key type 1, DSA and ElGamal (the default).
Select "does not expire".
For Real name, enter Satellite Root.
For Email address, enter root@satellite-fqdn.
Leave Comment blank.
Enter a passphrase for your private key.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 56E7F807 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
Key ID:
pub 1024D/56E7F807 2011-03-14
Fingerprint:
Key fingerprint = 3C68 34CB FFC5 B1F0 227E B99D 0C7E 0353 56E7 F807
uid Satellite Root <root@satellite-fqdn>
sub 2048g/D214DE21 2011-03-14
Write down your key ID and fingerprint for later use.
Export the GPG public key:
[root@dhcp ~]# gpg --export --armor key-ID > /tmp/MY-GPG-KEY
Copy that key to the pub directory under the Satellite server's Apache DocumentRoot:
[root@dhcp ~]# cp /tmp/MY-GPG-KEY /var/www/html/pub/MY-GPG-KEY
Log in to your Satellite server and create a new user named channeladmin. Modify the user account to be a channel administrator. Log out of the web site and log in again as channeladmin. Go to the Channels tab and create a new channel. Make your new channel a child channel of the OS version of your client. For your GPG key URL, use http://satellite-fqdn/pub/MY-GPG-KEY. Enter the GPG key ID and GPG key fingerprint.
To get the fingerprint information:
[root@wint-server-73 ~]# gpg --fingerprint
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/56E7F807 2011-03-14
Key fingerprint = 3C68 34CB FFC5 B1F0 227E B99D 0C7E 0353 56E7 F807
uid Satellite Root <root@wint-server-73.wcm-london.com>
sub 2048g/D214DE21 2011-03-14
Add the following to ~/.rpmmacros:
%_signature gpg
%_gpg_name KEYID
To sign the package:
[root@dhcp ~]# rpm --resign package-name-1.0-1.noarch.rpm
To make sure the package is signed, use the following command:
[root@dhcp ~]# rpm --checksig -v package-name-1.0-1.noarch.rpm
Upload your RPM:
[root@dhcp ~]# rhnpush -c 'Channel Name' --server localhost package-name-1.0-1.noarch.rpm
Subscribe your client to the private channel.
Using the URL listed by the RHN child channel, download the public key to your client system and then import it:
[root@dhcp ~]# rpm --import MY-GPG-KEY
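Because the key URL above is plain HTTP, the downloaded file's fingerprint can be compared with the one written down at key generation before it is imported. The script below is an added example, not part of the original post; the function names and the sample listing are constructed for illustration, and import_if_trusted assumes a GnuPG version that supports --show-keys.

```shell
#!/bin/sh
# Added example: verify a downloaded key's fingerprint before "rpm --import".

# Fingerprint written down at key generation (value shown on this page).
EXPECTED_FPR='3C68 34CB FFC5 B1F0 227E B99D 0C7E 0353 56E7 F807'

# Constructed sample of "gpg --with-colons" output; the subkey record is made up.
SAMPLE_LISTING='pub:u:1024:17:0C7E035356E7F807:2011-03-14:::u:::scESC:
fpr:::::::::3C6834CBFFC5B1F0227EB99D0C7E035356E7F807:
uid:u::::2011-03-14::::Satellite Root <root@satellite-fqdn>:
sub:u:2048:16:00000000D214DE21:2011-03-14::::::e:
fpr:::::::::00000000000000000000000000000000D214DE21:'

# Strip spaces and colons, uppercase hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Read a colon listing on stdin; print one fingerprint per primary key.
# Only the first "fpr" record after each "pub" record counts; subkeys are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# fpr_matches EXPECTED < listing
# Succeeds only if the listing holds exactly one primary key with that fingerprint.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    set -- $(primary_fprs)            # one word per primary key found
    [ "$#" -eq 1 ] || return 1        # reject empty files and key bundles
    [ "$(normalize_fpr "$1")" = "$expected" ]
}

# import_if_trusted KEYFILE EXPECTED_FPR (hypothetical helper name)
# --show-keys needs a recent GnuPG 2.2; older releases list a key file with
# "gpg --with-fingerprint --with-colons KEYFILE" instead.
import_if_trusted() {
    if gpg --show-keys --with-colons "$1" 2>/dev/null | fpr_matches "$2"; then
        rpm --import "$1"
    else
        echo "fingerprint mismatch for $1: not importing" >&2
        return 1
    fi
}

# Offline self-check against the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | fpr_matches "$EXPECTED_FPR" && echo "sample: fingerprint OK"
```

On the client, call import_if_trusted MY-GPG-KEY "$EXPECTED_FPR" in place of the bare rpm --import, with the expected fingerprint obtained from the uploader rather than from the same web server.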