[yocto] Who does add RPM sigunature to package in Yocto ?

[Matsumoto, Hiroo]

Hi


I tried to make rpm package with Yocto (poky's tag is 1.3_M1.final) and I could do it.
When I run rpm command with -qip option, there is a warning of RPM signature.

  $ rpm -qip tmp/deploy/rpm/i586/perl-5.14.2-r6.i586.rpm
  warning: tmp/deploy/rpm/i586/perl-5.14.2-r6.i586.rpm: Header V4 DSA/SHA1 Signature, key ID 196ceb6f: NOKEY
  Name        : perl                         Relocations: (not relocatable)
  Version     : 5.14.2                            Vendor: (none)
  Release     : r6                            Build Date: Fri Nov 30 04:21:57 2012
  Install Date: (not installed)               Build Host: CentOS-6.3-x8664
  Group       : devel                         Source RPM: perl-5.14.2-r6.src.rpm
  Size        : 5776                             License: Artistic-1.0 | GPL-1.0
  Signature   : DSA/SHA1, Fri Nov 30 04:21:57 2012, Key ID c07688a5196ceb6f
  Packager    : Poky <poky at yoctoproject.org>
  URL         : http://www.perl.org/
  Summary     : perl version 5.14.2-r6
  Description :
  Perl is a popular scripting language.

But I don't generate any GPG key.

  $ ls -l ~/.gnupg/
  total 12
  -rw-------. 1 <me> <me> 7856 Aug  7 02:45 gpg.conf
  -rw-------. 1 <me> <me>    0 Aug  7 02:45 pubring.gpg
  -rw-------. 1 <me> <me>    0 Aug  7 02:45 secring.gpg
  -rw-------. 1 <me> <me>   40 Aug  7 02:45 trustdb.gpg
  $ gpg --list-keys
  $ # Nothing

Who did add this signature ? (poky/meta/classes/package_rpm.bbclass ?)
Which key is used for this signature ?
Can I avoid adding a sigunature with any option ?


Regards.

Hiroo MATSUMOTO