On Sat, 28 Jun 2014 12:51:07 +0200
drago01 <drago01@xxxxxxxxx> wrote:

> On Sat, Jun 28, 2014 at 12:22 PM, Florian Weimer <fweimer@xxxxxxxxxx>

...snip...

> > The signature is on the RPM header, not the payload. The RPM
> > header only lists digests of individual files (after decompression).
> >
> > So this shouldn't make a difference.
>
> OK so there is no reason not to do it really.

I'm clearly failing to get across how this works... I guess I'll give it
one more go and then bow out. :)

So, say you have a.rpm. You build it. You sign it.

A user installs a.rpm and is happy.

b.rpm comes along as an update. You build it. You sign it.

You make a a-to-b.drpm of the changes between the two.

User wants to upgrade installed a to b via the drpm.

In order to not assemble b.rpm locally and just apply a-to-b.drpm to
your existing install you would need to either:

a) yum/dnf would have to grow support to do what rpm does right now,
ie, unpack files on the filesystem, update rpmdb, etc.

or

b) rpm would need to grow support for drpms directly. It currently, to my
understanding, doesn't have any.

So, sure, we could sign drpms and yum/dnf could check that, but they
still need to assemble the final rpm in order to pass it to rpm.

Feel free to poke around at it and come up with a proof of concept or
buy in from one of those groups if you can get it working.

kevin
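The quoted point, that the signed header lists digests of the decompressed files and so a locally reassembled package with different payload compression still verifies, is modelled below. This is an added example, not part of the original message and not RPM's real format or code: the JSON header, the HMAC standing in for the OpenPGP signature, the sample files and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import zlib

SIGNING_KEY = b"constructed-demo-key"  # assumption: stand-in for the packager's key
# Constructed sample contents for the new version of the package.
SAMPLE_FILES = {"/usr/bin/a": b"binary contents " * 64,
                "/etc/a.conf": b"key=value\n" * 16}


def file_digests(files):
    """Map each path to the SHA-256 of its uncompressed contents."""
    return {p: hashlib.sha256(d).hexdigest() for p, d in files.items()}


def build_package(files, level):
    """Toy package: signed header of file digests plus a compressed payload."""
    header = json.dumps(file_digests(files), sort_keys=True).encode()
    signature = hmac.new(SIGNING_KEY, header, hashlib.sha256).hexdigest()
    blob = json.dumps({p: d.hex() for p, d in sorted(files.items())}).encode()
    return {"header": header, "signature": signature,
            "payload": zlib.compress(blob, level)}


def reassemble(signed_pkg, files, level):
    """Rebuild the package locally around the original signed header, as a
    delta-applying client would, using its own payload compression level."""
    rebuilt = build_package(files, level)
    rebuilt["header"] = signed_pkg["header"]
    rebuilt["signature"] = signed_pkg["signature"]
    return rebuilt


def verify_package(pkg):
    """Check the header signature, then every unpacked file against the header."""
    expected = hmac.new(SIGNING_KEY, pkg["header"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkg["signature"]):
        return False
    try:
        raw = json.loads(zlib.decompress(pkg["payload"]))
        files = {p: bytes.fromhex(h) for p, h in raw.items()}
    except (zlib.error, ValueError):
        return False
    return file_digests(files) == json.loads(pkg["header"])
```

In this model the signature only authenticates the header; the payload is trusted solely because each decompressed file matches a signed digest, which is why the compression used during local reassembly is irrelevant while any change to file contents is caught.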
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct