>>>>>> On 01/20/2016 01:37 AM, Alice Wonder wrote:
>>>>>>> I'm trying to find where / how to use sha256 when I sign packages
>>>>>>> but I am not having much luck. Closest I have found is this :
>>>>>>>
>>>>>>> https://fedoraproject.org/wiki/RPM_file_format_changes_to_support_SHA-256

This thread has been a whole bunch of confusion. What you're trying to do requires that you add one line to your .rpmmacros file:

    %_gpg_digest_algo sha256

The _binary_filedigest_algorithm and _source_filedigest_algorithm don't affect the signature, they affect the file digest. That is, they set the checksum by which files will be verified by rpm -V. You can see the digest of each file using "rpm -qp --dump".

>> I'm still not getting it to work - I am trying outside of mock.

As far as I know, mock doesn't sign packages, so you don't need to change your mock configuration at all.

>> Before just _signature_gpg and _gpg_name were defined

Because I'm curious, I checked.... Only _gpg_name and _gpg_digest_algo need to be set. "%_signature gpg" is either the default, or it's unused. I'm not sure which.

> I am wondering if my issue is related to my gpg configuration but I
> don't even know where the hell the user specific configuration is kept
> now.

I think it's normally created when you create your keys, but it doesn't seem to be needed.

> No idea if the gpg configuration could be the issue, and the gpg2 man
> page doesn't seem to indicate where the configuration file is kept now.

Yes, it does. The file is gpg.conf in --homedir (which defaults to ~/.gnupg).
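
Added example, not part of the original message and not rpm's own tooling: a shell check that a macros file sets the two signing macros named in the reply, and that points out when only a file-digest macro is present. It assumes one `%name value` macro per line; the function names, the sample file and the choice to accept sha384 and sha512 alongside sha256 are assumptions of this example.

```shell
#!/bin/sh
# Audit an rpm macros file (e.g. ~/.rpmmacros) for the signing settings
# discussed in the thread. Added example; names here are hypothetical.

# macro_value FILE NAME: print the last value defined for %NAME, empty if unset.
macro_value() {
    awk -v name="%$2" '$1 == name { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                       END { print v }' "$1"
}

# check_signing_macros FILE: one finding per line; returns 0 only when a key
# is named and the signature digest is sha256 or stronger (assumed policy).
check_signing_macros() {
    file=$1
    rc=0
    name=$(macro_value "$file" _gpg_name)
    algo=$(macro_value "$file" _gpg_digest_algo | tr 'A-Z' 'a-z')
    fdig=$(macro_value "$file" _binary_filedigest_algorithm)

    if [ -z "$name" ]; then
        echo "FAIL: %_gpg_name is not set"
        rc=1
    fi
    case "$algo" in
        sha256|sha384|sha512)
            echo "OK: signature digest is $algo" ;;
        "")
            echo "FAIL: %_gpg_digest_algo is not set"
            rc=1 ;;
        *)
            echo "FAIL: %_gpg_digest_algo is '$algo', expected sha256 or stronger"
            rc=1 ;;
    esac
    # The confusion in the thread: file-digest macros do not change the signature.
    if [ -n "$fdig" ] && [ -z "$algo" ]; then
        echo "NOTE: %_binary_filedigest_algorithm only sets per-file checksums (rpm -V)"
    fi
    return $rc
}

# Constructed sample: sets a file digest (8 = SHA-256) but no signature digest.
sample=$(mktemp)
printf '%%_gpg_name Example Signer\n%%_binary_filedigest_algorithm 8\n' > "$sample"
check_signing_macros "$sample" || true
rm -f "$sample"
```
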