Re-signing RPM v3 packages
Kenneth Holter
kenneho.ndu at gmail.com
Tue Mar 15 15:05:33 UTC 2011
Hi.
We're running RHN Satellite server to host RPMs for our RHEL servers,
and have created our own GPG key to sign any thirds party RPMs that we
want to upload to the Satellite server.
As most vendors seem to ship their RPMs signed with RPM v3 signatures,
we can't resign them with our own RPM v4 GPG key signature without
corrupting the RPM.
To overcome this we could install RPM v3 from source and use that to
sign our third party RPMs. As this software have dependencies to other
really old software (as Berkeley DB 1.85), it doesn't seem like the
best option. Is there any other way to re-sign RPM v3 packages,
without having to install RPM v3 (with all its dependencies), or
without actually having to install an old RPM-based distro that ships
with RPM v3?
Greetings,
Kenneth Holter
More information about the redhat-list
mailing list