Centos – replace or remove GPG signature on RPM

centos, gpg, rpm

Is there a way to remove or replace an existing GPG signature on an RPM?

I am placing a few obscure RPMs on an internal repo we use for supplementary RHEL/CentOS packages. A few of those RPMs are already signed. I would like to remove those signatures and re-sign them with a GPG signature we use for our local repo.

Best Answer

Simply (re-)sign the packages with your own key:

rpm --addsign package.rpm

The --addsign option generates and inserts new signatures for each package. Any existing signatures will be discarded.

The --resign option generates and appends signatures for the listed packages while preserving the existing signatures.

If you have imported the public key, you can validate the new signature:

rpm --checksig -v package.rpm

You should see the phrase Good signature from "Your Name" in the output.

AFAIK removing signatures isn't supported.
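To confirm which key actually signed a package after re-signing it for a local repo, the following added example (not part of the original answer) reads the RPM signature header directly and reports the issuer key ID of each OpenPGP signature it contains. It assumes old-format OpenPGP packets; the function names and the sample bytes are constructed for illustration.

```python
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"   # starts the 96-byte RPM lead
HDR_MAGIC = b"\x8e\xad\xe8\x01"    # starts the signature header
# Signature-header tags that hold an OpenPGP signature packet.
SIG_TAGS = {267: "DSAHEADER", 268: "RSAHEADER", 1002: "SIGPGP", 1005: "SIGGPG"}

def _issuer(area):
    """Scan a v4 subpacket area for the issuer key ID (subpacket type 16)."""
    i = 0
    while i < len(area):
        n = area[i]; i += 1
        if 192 <= n < 255:
            n = ((n - 192) << 8) + area[i] + 192; i += 1
        elif n == 255:
            n = struct.unpack(">I", area[i:i + 4])[0]; i += 4
        if n and area[i] & 0x7F == 16:
            return area[i + 1:i + 9].hex()
        i += n
    return None

def pgp_key_id(pkt):
    """Issuer key ID of an old-format OpenPGP signature packet (v3 or v4)."""
    body = pkt[1 + (1, 2, 4, 0)[pkt[0] & 3]:]   # skip tag and length octets
    if body[0] == 3:                             # v3: key ID at a fixed offset
        return body[7:15].hex()
    hlen = struct.unpack(">H", body[4:6])[0]     # v4: hashed, then unhashed area
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    return _issuer(body[6:6 + hlen]) or _issuer(body[8 + hlen:8 + hlen + ulen])

def rpm_signatures(data):
    """Map each signature tag in the RPM signature header to its signer key ID."""
    if data[:4] != LEAD_MAGIC or data[96:100] != HDR_MAGIC:
        raise ValueError("not an RPM package")
    nindex, hsize = struct.unpack(">II", data[104:112])
    store = data[112 + 16 * nindex:112 + 16 * nindex + hsize]
    found = {}
    for n in range(nindex):
        tag, _typ, off, count = struct.unpack(">IIII", data[112 + 16 * n:128 + 16 * n])
        if tag in SIG_TAGS:                      # BIN entry: count is byte length
            found[SIG_TAGS[tag]] = pgp_key_id(store[off:off + count])
    return found

def constructed_sample(key_id="0123456789abcdef"):
    """Constructed input: lead + signature header with one v4 RSAHEADER entry."""
    body = bytes.fromhex("04000108" "0006" "05025f000000" "000a" "0910" + key_id)
    pkt = b"\x89" + struct.pack(">H", len(body)) + body
    return (LEAD_MAGIC + bytes(92) + HDR_MAGIC + bytes(4) + struct.pack(">II", 1, len(pkt))
            + struct.pack(">IIII", 268, 7, 0, len(pkt)) + pkt)
```

On a real package, pass the file's bytes to `rpm_signatures` and compare the returned key IDs with the ID of the local repo key; a key ID other than your own means a signature from another signer is still present.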
