diff --git a/.gitea/workflows/build-release.yml b/.gitea/workflows/build-release.yml
index 97700fc..4a2d40f 100644
--- a/.gitea/workflows/build-release.yml
+++ b/.gitea/workflows/build-release.yml
@@ -129,6 +129,7 @@ jobs:
         run: |
           echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import
           echo "%_gpg_name ${{ secrets.RPM_SIGNING_KEY_ID }}" > ~/.rpmmacros
+          echo "%__gpg_sign_cmd %{__gpg} gpg --batch --no-armor --no-tty --pinentry-mode loopback --passphrase '' %{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} --no-secmem-warning -u \"%{_gpg_name}\" -sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename}" >> ~/.rpmmacros
 
       - name: Sign and publish
         run: ./script/publish-repo.sh rpms/
diff --git a/script/publish-repo.sh b/script/publish-repo.sh
index 2b5e304..e1ed1ea 100755
--- a/script/publish-repo.sh
+++ b/script/publish-repo.sh
@@ -6,7 +6,9 @@ REMOTE_DIR="/var/www/rpm/fedora/43/x86_64"
 
 # sign each rpm with the imported gpg key
 for rpm in "${RPM_DIR}"/*.rpm; do
+    echo "signing ${rpm}..."
     rpm --addsign "${rpm}"
+    rpm --checksig "${rpm}"
 done
 
 install --directory --mode 700 ~/.ssh