Importing Custom GPG Keys

For customers who plan to build and distribute their own RPMs securely, it is strongly recommended that all custom RPMs are signed using GNU Privacy Guard (GPG). Generating GPG keys and building GPG-signed packages are covered in the Red Hat Network Channel Management Guide.

Once the packages are signed, the public key must be deployed on all systems importing these RPMs. This task has two steps: first, create a central location for the public key so that clients may retrieve it, and second, add the key to the local GPG keyring on each system.

The first step is common and may be handled using the website approach recommended for deploying RHN client applications. (Refer to Section 1, “Deploying the Latest Red Hat Network Client RPMs”.) To do this, create a public directory on the Web server and place the GPG public key in it:

    cp /some/path/YOUR-RPM-GPG-KEY /var/www/html/pub/

The key can then be downloaded by client systems using Wget:

    wget -O- -q http://your_proxy_or_sat.your_domain.com/pub/YOUR-RPM-GPG-KEY

The -O- option sends results to standard output while the -q option sets Wget to run in quiet mode. Remember to replace the YOUR-RPM-GPG-KEY variable with the filename of your key.

Once the key is available on the client file system, import it into the local GPG keyring. Different operating systems require different methods.

For Red Hat Enterprise Linux 3 or newer, use the following command:

    rpm --import /path/to/YOUR-RPM-GPG-KEY

For Red Hat Enterprise Linux 2.1, use the following command:

    gpg $(up2date --gpg-flags) --import /path/to/YOUR-RPM-GPG-KEY

Once the GPG key has been successfully added to the client, the system should be able to validate custom RPMs signed with the corresponding key.
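The download above runs over plain HTTP, so a client has no assurance the key it receives is the one you published. The script below is an added example, not part of the Red Hat guide: it saves the key to a file, compares its fingerprint with one obtained out of band, and only then runs rpm --import. The function names and both arguments are placeholders chosen here, and it assumes a GnuPG version that supports --show-keys.

```shell
#!/bin/sh
# Added example: pin the key fingerprint before trusting a key fetched over HTTP.
# KEY_URL and EXPECTED_FPR are placeholders; obtain the fingerprint from the
# signing host through a separate trusted channel.

# Strip whitespace and upper-case hex so "ab12 cd34" and "AB12CD34" compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print the primary key
# fingerprint (field 10 of the first "fpr" record).
first_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Return 0 only when both fingerprints are non-empty and identical.
fpr_matches() {
    a=$(normalize_fpr "$1")
    b=$(normalize_fpr "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Download the key to a file, check it, and import it only on a match.
fetch_verify_import() {
    key_url=$1
    expected=$2
    tmp=$(mktemp) || return 1
    if ! wget -q -O "$tmp" "$key_url"; then
        echo "download failed: $key_url" >&2; rm -f "$tmp"; return 1
    fi
    # Assumption: GnuPG with --show-keys (lists keys in a file without importing).
    actual=$(gpg --show-keys --with-colons "$tmp" 2>/dev/null | first_fpr)
    if ! fpr_matches "$actual" "$expected"; then
        echo "fingerprint mismatch, not importing (got: ${actual:-none})" >&2
        rm -f "$tmp"; return 1
    fi
    rpm --import "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage: sh import-key.sh KEY_URL EXPECTED_FPR
if [ "$#" -eq 2 ]; then
    fetch_verify_import "$1" "$2"
fi
```

After a successful import, rpm -q gpg-pubkey lists the keys the RPM database now trusts.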