Re-signing RPM v3 packages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi.


We're running RHN Satellite server to host RPMs for our RHEL servers,
and have created our own GPG key to sign any thirds party RPMs that we
want to upload to the Satellite server.
As most vendors seem to ship their RPMs signed with RPM v3 signatures,
we can't resign them with our own RPM v4 GPG key signature without
corrupting the RPM.

To overcome this we could install RPM v3 from source and use that to
sign our third party RPMs. As this software have dependencies to other
really old software (as Berkeley DB 1.85), it doesn't seem like the
best option. Is there any other way to re-sign RPM v3 packages,
without having to install RPM v3 (with all its dependencies), or
without actually having to install an old RPM-based distro that ships
with RPM v3?


Greetings,
Kenneth Holter

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux