Signing RPM package
An RPM signature, like the digital signature used on many other software-signing systems, is a private key encryption of a checksum. RPM uses the GPG libraries for signing.
create a GPG key by command: gpg –gen-key
edit /.rpmmacros file and add line %_gpg_name “email@example.com” at last.
signing the packages: rpm –addsign packfilename — I’m not sure which packagefile should I use :the .rpm or .src.rpm – always confuse between these two types file.
cp the package to /var/www/html