[RTFACT-15114] GPG sign .rpm files along with repomd.xml Created: 16/Oct/17  Updated: 11/Jul/19

Status: Open
Project: Artifactory Binary Repository
Component/s: RPM
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Normal
Reporter: Patrick Russell Assignee: Unassigned
Resolution: Unresolved Votes: 7
Labels: None

Issue Links:
is duplicated by RTFACT-10494 Internal RPM signing management Open


Currently Artifactory will only sign an RPM repository's repomd.xml file. It will only generate repomd.xml.asc and repomd.xml.key files under the repodata folder.

A useful feature to ensure the RPM files themselves have been signed would be to add an option to sign them. This would use Artifactory's existing GPG signing functionality, extended to .rpm files. This is already done by Bintray, and would enhance Artifactory's functionality.

As this may be a more computationally intensive task, this could probably be implemented as a toggle-able option under the Signing section of the Artifactory UI, or a system setting.

Generated at Wed Aug 05 08:27:25 UTC 2020 using Jira 8.5.3#805003-sha1:b4933e02eaff29a49114274fe59e1f99d9d963d7.