directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: RPM Signatures for apacheds
Date Wed, 20 May 2015 21:43:25 GMT
Le 20/05/15 22:22, Cralle, Chris a écrit :
> Hello Apache Dev,

Hi,
>
> I am attempting to validate the apacheds rpms using the RPM Signature.  But so far, I
have been unable locate a single matching public GPG key that was used sign any of your linux
rpms?
>
> Where/How do you build your rpms, and what key is being used to sign them.

We use an old version of Tanuki wrapper, with a maven plugin we have
written, to create the packages. I'm not sure we sign the resulting
package using PGP though : when I run rpm -K on the rpm, here is what I
get :

rpm -K  ~/Downloads/apacheds-2.0.0-M20-x86_64.rpm
/Users/elecharny/Downloads/apacheds-2.0.0-M20-x86_64.rpm: (sha1) dsa
sha1 md5 OK


OTOH, you can check the package against the md5/asc checksum which is
available on
http://directory.apache.org/apacheds/download/download-linux-rpm.html
>
> So far I have checked M20, M18, M17, they all have differnent rpm signatures. And none
of them are in the master KEYS file. Nor could I find them on the pgp mit server.

All those versions were signed by me, using this :

https://pgp.mit.edu/pks/lookup?op=vindex&search=0x31474E5E7C6B7034

Not sure if this is what you are looking for...



Mime
View raw message