Time to resurrect multi-key signatures in RPM?

Seth Vidal skvidal at fedoraproject.org
Tue Aug 26 04:35:35 UTC 2008


On Tue, 2008-08-26 at 03:57 +0000, Bojan Smojver wrote:
> Bojan Smojver <bojan <at> rexursive.com> writes:
> 
> > Are these things exceptions to the rule or do majority of package have this
> > kind of thing built in?
> 
> Actually, it should be quite easy to verify this. If someone from Red Hat could
> run 'ls *.rpm | sort | while read pkg; do echo -en "$pkg\t"; rpm2cpio < $pkg |
> sha1sum; done' for all Fedora packages built in koji of a distro/arch (say
> F9/i386) and if Matt could do the same on his Dell build farm, we'll clearly see
> what gives different checksums of cpio archives.

why do you want that?

rpm -qp --dump pkg.rpm

-sv





More information about the fedora-devel-list mailing list