Packages should be signed

[ghoneycutt]

Package should be signed, though not all are. The deployment process should include signing packages.

Expected Behavior

yum/apt should check that packages are signed and successfully install software.

Current Behavior

If you turn on gpgcheck, installing packages fail.

Package sensu-cli-2.0.0~nightly+20180404-1.x86_64.rpm is not signed

Possible Solution

Change the deployment process to sign packages.

Context

Enabled gpgcheck in a yum repo and was surprised that while a gpg key is provided, it is not being used to sign the packages.

[amdprophet]

Thanks for opening this issue. I'm planning on copying over our GPG signing key to the 2.x build pipeline soon.