St2 stable and enterprise rpm packages should be signed

[sibirajal]

If you find an issue in packages, please file an issue and we'll have a look as soon as we can.
In order to expedite the process, it would be helpful to follow this checklist and provide
relevant information.

• Operating system: uname -a, ./etc/lsb_release or cat /etc/redhat-release
• StackStorm version: st2 --version
• Actual package versions of all packages (st2, st2web, st2chatops, st2mistral, nginx, mongo, rabbitmq-server, postrgresql; Enterprise: st2flow, st2-auth-ldap)
  DEB: apt-cache policy ${PACKAGE_NAME} will give you the version of package.
  RPM: yum info ${PACKAGE_NAME} will you give the version of package.
  Note the exact name of mongo, nginx, rabbitmq and postgres changes based on OS.
• Contents of /etc/st2/st2.conf
• Output of st2ctl status
• Optional - Details about target box. E.g. vagrant box link or AWS AMI link.

#Issue details
Hello Team,

Our RPM standard mandates that all packages must be signed.

It appears that the St2 packages are not signed with the private key. However, the repository is provided with public gpgkey.

Can you please sign the St2 packages with the gpg key? So, that we can verify the packages in our end by enabling gpgcheck=1.

rpm -qpi /var/tmp/ss/st2-2.10.3-1.x86_64.rpm

Name : st2
Version : 2.10.3
Release : 1
Architecture: x86_64
Install Date: (not installed)
Group : System/Management
Size : 139429158
License : Apache
Signature : (none)
Source RPM : st2-2.10.3-1.src.rpm
Build Date : Wed 06 Mar 2019 06:12:47 AM UTC
Build Host : ef047d010665
Relocations : (not relocatable)
URL : https://github.com/StackStorm/st2
Summary : StackStorm all components bundle

[warrenvw]

@sibirajal thanks for the suggestion. This is something we've wanted to work toward. @armab has more context, so assigning this issue to him.

[arm4b]

Duplicate of #303

[arm4b]

Yes, it’s a good feature request to have, as we’ve discussed this in past.
Closing in favor of #303