First, send a message to Chmouel <chmouel@mandrakesoft.com> so he can give you an email address @linux-mandrake.com.
Next, install PGP (Pretty Good Privacy):
- install our pgp-2.6.3 package from ftp://ftp.sunet.se/pub/Linux/distributions/mandrake-crypto/
- create a .pgp directory in you home directory: mkdir ~/.pgp
- in order to generate your PGP keys type: "pgp -kg"
- select option "1) 512 bits- Low commercial grade..."
- enter your Firstname+Name+email address @linux-mandrake.com - ex: if your name is "John Smith" and you email address "jsmith@linux-mandrake.com", enter: John Smith jsmith@linux-mandrake.com
- enter a little pass phrase or password that you will have to remember
- type like a fool on your keyboard, try not to break it
Now the keys should have been generated.
In order to extract a public ascii key:
- type: pgp -kxa
- enter your complete PGP identity (in our example: John Smith jsmith@linux-mandrake.com)
- enter a filename for the ascii file, for example: key.asc
- send the key.asc file to Chmouel <chmouel@mandrakesoft.com> so your packages can be authentified in the future.
How to sign your RPM packages?
It's very easy:
- edit ~/.rpmmacros and put something like (replace _pgp_name with your own PGP id!):
%_signature pgp
%_pgp_name John Smith
%distribution Mandrake
%vendor MandrakeSoft
Now, every time you recompile a package, you will have to enter the following command: rpm --sign -ba --clean file.spec (you will be prompted for your personal secret phrase).
In order to contribute your new package, upload it (.src.rpm only!) to: ftp://ftp.linux-mandrake.com/incoming/ and warn Chmouel and cooker-list.
Have fun!