A developer is deploying an application to a Red Hat Enterprise Linux (RHEL) server within a CI/CD pipeline. A key requirement is that the application package must support digital signatures for authentication and have built-in version information for tracking. Which of the following artifact types best meets these requirements for the target environment?
RPM (Red Hat Package Manager) is the native packaging format for Red Hat-based systems like RHEL. It has built-in support for GPG signatures to ensure package authenticity and integrity. RPMs also have a standardized way of embedding version information in their metadata, which tools like YUM or DNF use for version tracking and dependency management. A tar archive with a checksum only verifies file integrity, not authenticity, and lacks automated version tracking. A Debian package is designed for Debian-based distributions (like Ubuntu) and is incompatible with RHEL's native tools. Compiling from source code relies on custom scripts and does not offer a standardized, integrated system for signing and versioning like RPM.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is integrated signing and version information preferred in a DevOps pipeline?
Open an interactive chat with Bash
What signing method is commonly used in Red Hat-based environments?
Open an interactive chat with Bash
How does a checksum differ from built-in signature systems?