GPG signature for Fedora RPMs

[pocelka]

Would it be possible to sign RPMs for fedora? I was installing this nice piece of software using Ansible and I was getting:

Failed to validate GPG signature for lact-headless-0.5.1-0.x86_64: Package lact-headless-0.5.1-0.x86_64.fedora-3957l7cq3k.rpm is not signed.

So far I disabled checking for GPG in my playbook but it would be nice to have without this; as this could be considered as a security issue.

Note: At the end I went with libadwaita version but the question is in general for all RPMs.

[ilya-zlobintsev]

The packaging tool seems to support it: https://vv9k.github.io/pkger/signing.html I'll take a look at it at some point

[ilya-zlobintsev]

Implemented in #276 Note that by default dnf doesn't check signatures of manually downloaded rpm packages, and if you enable it, you also have to manually import the public key with rpm --import lact.pubkey (the pubkey file will be included with new releases)