Most of yum is written in python, so yum makes extensive use of this library for verifying digital signatures found in RPM packages and yum repository metadata. GPGME provides a convenient set of interfaces for accessing information about GPG keys, encrypting data, decrypting data and more. Pygpgme is a python wrapper around a library called GPGME, a library designed to make using GPG much more straightforward for applications. RPM package files (.rpm) and yum repository metadata can be signed with GPG. Signing data with a GPG key enables the recipient of the data to verify that no modifications occurred after the data was signed (assuming the recipient has a copy of the sender’s public GPG key). This is a companion post to a previous blog post about GPG signing and verifying deb packages and apt repositories. This blog post also explains what the purpose of the pygpgme python library is, how it is used for verifying GPG signatures in RPMs and yum repository metadata, and an unfortunate bug related to pygpgme found in yum as prepared for CentOS 5 / Red Hat Enterprise Linux 5. This blog post will explain how GPG signatures are implemented for RPM files and yum repository metadata, as well as how to generate and verify those signatures.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |