Hi. We're running RHN Satellite server to host RPMs for our RHEL servers, and have created our own GPG key to sign any thirds party RPMs that we want to upload to the Satellite server. As most vendors seem to ship their RPMs signed with RPM v3 signatures, we can't resign them with our own RPM v4 GPG key signature without corrupting the RPM. To overcome this we could install RPM v3 from source and use that to sign our third party RPMs. As this software have dependencies to other really old software (as Berkeley DB 1.85), it doesn't seem like the best option. Is there any other way to re-sign RPM v3 packages, without having to install RPM v3 (with all its dependencies), or without actually having to install an old RPM-based distro that ships with RPM v3? Greetings, Kenneth Holter -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
