powered by Jive Software

Where can I find rpm files public key?

Hello,

I’m trying to install openfire from the RPM file provided on the website, however I can’t seem to find the public key that would allow me to validate the rpm. Trying to browse https://download.igniterealtime.org/openfire/ was unsuccessfull and I don’t see a link to it in the documentation I read. Could you tell me where/how to find it ?

Thanks,

We provide SHA1SUM values for all distributables. You can find them in the blogpost that announces the release, or, for every release, as part of the ‘releases’ page on GitHub: https://github.com/igniterealtime/Openfire/releases

Thank you for your answer, however this does not help me.
It is actually my bad here: I incorrectly assumed that the provided RPMs were signed, which is not the case (‘rpm -kv <file>’ does not show any signature).

Do you have any plan to sign the rpm files generated for openfire ? Relevant documentation here : http://ftp.rpm.org/max-rpm/s1-rpm-pgp-signing-packages.html . You will also need a gpg key pair (private key to sign, public key - which i was asking for - to distribute)

Our use-case is that we install openfire from a local repository and enforce gpgcheck. Not having a default signature means that we will have to re-sign the rpm on our side, thus deploying a rpm that can"t match any of the official sha1sum, which is suboptimal as the key won’t come from an official source but be project/context-specific instead.

There are no plan to do this… up to now. I’m not against this. Roping in @akrherz to get his thoughts on the matter…

It would be nice to have this along with daily updating apt-get and yum/dnf repos. So I am not against it at all :slight_smile: