[RTFACT-15114] GPG sign .rpm files along with repomd.xml Created: 16/Oct/17  Updated: 11/Jul/19

Status: Open
Project: Artifactory Binary Repository
Component/s: RPM
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Normal
Reporter: Patrick Russell Assignee: Unassigned
Resolution: Unresolved Votes: 4
Labels: None

Issue Links:
Duplicate
is duplicated by RTFACT-10494 Internal RPM signing management Open

 Description   

Currently Artifactory will only sign an RPM repository's repomd.xml file. It will only generate repomd.xml.asc and repomd.xml.key files under the repodata folder.

A useful feature to ensure the RPM files themselves have been signed would be to add an option to sign them. This would use Artifactory's existing GPG signing functionality, extended to .rpm files. This is already done by Bintray, and would enhance Artifactory's functionality.

As this may be a more computationally intensive task, this could probably be implemented as a toggle-able option under the Signing section of the Artifactory UI, or a system setting.


Generated at Thu Nov 14 01:43:54 UTC 2019 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.