RFE: Option to automatically sign repodata during metadata creation/manipulation

rpm-software-management / createrepo_c

C implementation of the createrepo.

http://rpm-software-management.github.io/createrepo_c

GNU General Public License v2.0

100 stars 93 forks source link

RFE: Option to automatically sign repodata during metadata creation/manipulation #61

Open Conan-Kudo opened 8 years ago

Conan-Kudo commented 8 years ago

Package managers such as dnf and zypper have the ability to verify signatures of metadata if it is signed. In fact, for zypper, this is the default behavior and it complains when the repodata isn't signed.

However, how to do this isn't that well-known, and it would make sense to incorporate the functionality into the createrepo_c suite of tools.

dralley commented 3 years ago

This would be very useful for Pulp. We already have an way to accomplish this but it basically involves providing your own signing shell script. An "official" mechanism that can't be so easily messed up would be much preferred.