Adding the Trusted Signing Key

Each of the Storage Manager RPM packages are digitally signed via GPG .

The public key is distributed along with the Storage Manager install media and can be added to the trusted key list for each Open Enterprise Server on which Storage Manager RPMs are installed.

IMPORTANT: You can install the RPM packages without adding the public signing key to the list of trusted signers, but you will need to manually approve each package install as the system will warn of the package having an untrusted signing key.

To add the public signing key to a server:

  1. Mount the ISO fileStorageManager-24.4.iso on the Open Enterprise Server.

  2. From a terminal session, change to the root folder of the mounted ISO.

  3. Enter rpmkeys --import condrey-packages-gpgkey.pub.

  4. To verify the key was added to the system:

    1. Enter rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

    2. Look for the entry gpg-pubkey-fdc181f9-634cee33 --> gpg(Condrey Corporation <builds@condreycorp.com>)