Is there a way to remove or replace an existing GPG signature on an RPM?
I am placing a few obscure RPMs on an internal repo we use for supplementary rhel/centos packages. A few of those RPMs are already signed. I would like to remove those signatures and resign them with a GPG signature we use for our local repo.
Best Answer
Simply (re-) sign the packages with your own key...
The
--addsign
option generates and inserts new signatures for each package. Any existing signatures will be discarded.The
--resign
option generates and appends signatures for the listed packages while preserving the existing signatures.If you had imported the public key you can validate the new signature
You should see the phrase
Good signature from "Your Name"
in the output.AFAIK removing signatures isn't supported.