Missing Security Signature error on RPM installation

soumenc3 · 10-07-2009, 07:45 AM

I have generated a GPG key and used it to sign my own RPM package.

When I install this on Fedora I get an Error Message Saying:
---Missing Security Signature
---The package is not signed by a trusted provider.
---Do not install this package unless you are sure it is safe to do so.
---
---Malicious Software can damage your computer or cause other harm.
---Are you sure you want to install this package?

I am pretty sure that I am missing some part of the puzzle here.
I am planning to distribute this RPM to my clients. How is RPM signing done, such that the user does not get this error on installation?

John VV · 10-08-2009, 01:27 AM

if you built the rpm just ignore it

Glennzo · 10-08-2009, 05:17 AM

Don't know much about creating one's own rpm files but I do believe that the GPG key needs to be distributed or at least available and then imported before the rpm is installed. Much like when you install some of the initial Fedora packages and yum asks if you want to import this key or that key.