StackStorm / st2-packages

StackStorm deb/rpm packages (automated docker build pipeline)
https://stackstorm.com/

St2 stable and enterprise rpm packages should be signed #606

Closed sibirajal closed 5 years ago

sibirajal commented 5 years ago

If you find an issue in packages, please file an issue and we'll have a look as soon as we can. In order to expedite the process, it would be helpful to follow this checklist and provide relevant information.

Issue details

Hello Team,

Our RPM standard mandates that all packages must be signed.

It appears that the St2 packages are not signed with the private key. However, the repository is provided with a public gpgkey.

Can you please sign the St2 packages with the gpg key, so that we can verify the packages on our end by enabling gpgcheck=1?

```
rpm -qpi /var/tmp/ss/st2-2.10.3-1.x86_64.rpm

Name        : st2
Version     : 2.10.3
Release     : 1
Architecture: x86_64
Install Date: (not installed)
Group       : System/Management
Size        : 139429158
License     : Apache
Signature   : (none)
Source RPM  : st2-2.10.3-1.src.rpm
Build Date  : Wed 06 Mar 2019 06:12:47 AM UTC
Build Host  : ef047d010665
Relocations : (not relocatable)
URL         : https://github.com/StackStorm/st2
Summary     : StackStorm all components bundle
```
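Added example, not part of the original issue or of StackStorm's tooling: a pre-flight audit that reads the `Signature` field shown above and flags unsigned packages before `gpgcheck=1` is turned on. The function names `sig_status` and `audit_rpms`, the sample helpers, and the key ID in the signed sample are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Classify `rpm -qpi` output (stdin) as "unsigned", "signed <key id>" or "unknown".
# This reports whether a signature is present, not whether it is valid; validity
# is checked with `rpm --checksig` after the repo key is added via `rpm --import`.
sig_status() {
    awk '
        /^Signature[ \t]*:/ {
            found = 1
            val = $0
            sub(/^Signature[ \t]*:[ \t]*/, "", val)
            sub(/[ \t\r]+$/, "", val)
            if (val == "(none)") { print "unsigned"; exit }
            # Signed headers read "<algo>, <date>, Key ID <hex>"
            n = split(val, parts, /Key ID[ \t]+/)
            if (n == 2 && parts[2] != "") { print "signed " parts[2]; exit }
            print "unknown"; exit
        }
        END { if (!found) print "unknown" }
    '
}

# Print one status line per package; return non-zero if any is not signed.
# Requires the rpm CLI on the host.
audit_rpms() {
    local rc=0 f status
    for f in "$@"; do
        status=$(rpm -qpi "$f" 2>/dev/null | sig_status)
        printf '%s\t%s\n' "$status" "$f"
        [ "${status%% *}" = "signed" ] || rc=1
    done
    return "$rc"
}

# Sample taken from the output quoted in the issue (trimmed).
sample_unsigned() {
    printf '%s\n' 'Name        : st2' 'Version     : 2.10.3' \
        'Signature   : (none)' 'Source RPM  : st2-2.10.3-1.src.rpm'
}

# Constructed sample: the key ID is a placeholder, not a real StackStorm key.
sample_signed() {
    printf '%s\n' 'Name        : st2' \
        'Signature   : RSA/SHA256, Wed 06 Mar 2019 06:12:47 AM UTC, Key ID 0123456789abcdef'
}

# Usage: ./audit.sh /var/tmp/ss/*.rpm
if [ "$#" -gt 0 ]; then audit_rpms "$@"; fi
```

A non-zero exit from `audit_rpms` means at least one package would be rejected once `gpgcheck=1` is enforced.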

warrenvw commented 5 years ago

@sibirajal thanks for the suggestion. This is something we've wanted to work toward. @armab has more context, so assigning this issue to him.

arm4b commented 5 years ago

Duplicate of #303

arm4b commented 5 years ago

Yes, it’s a good feature request to have, as we’ve discussed this in the past. Closing in favor of #303