Missing update announcements

shrek-m at gmx.de shrek-m at gmx.de
Thu May 5 18:27:42 UTC 2005 

Sam Varshavchik wrote:

> Bernd Bartmann writes:
>
>> Why is it not possible to automatically sent out the announcement
>> after the rpms are signed and the MD5 sums are known?
>>
>> Is it possible to trigger an email to the packager after the package
>> is signed? Something like a reminder "package is ready for
>> distribution, please sent out an announcement".
>
> Why even care about MD5 sums?  As long as the signature verifies OK 
> that's all you need to know.  The signature is really just another sum 
> of the file's contents, that's encrypted by the private key.


afair not all packages are signed, eg. testing, development, ...
the md5sum will tell if the package was modified.
eg. hexedit a signed package.

# cp logwatch-5.2.2-1.FC3.1.noarch.rpm 
logwatch-5.2.2-1.FC3.1.noarch-hexedit.rpm
# md5sum logwatch-5.2.2-1.FC3.1.noarch*
a00bb258185c048fa179a8c015efdab7  logwatch-5.2.2-1.FC3.1.noarch-hexedit.rpm
a00bb258185c048fa179a8c015efdab7  logwatch-5.2.2-1.FC3.1.noarch.rpm


# hexedit logwatch-5.2.2-1.FC3.1.noarch-hexedit.rpm
[...]
# md5sum logwatch-5.2.2-1.FC3.1.noarch*
307dbab2caa82e62740c1849a30fe7a1  logwatch-5.2.2-1.FC3.1.noarch-hexedit.rpm
a00bb258185c048fa179a8c015efdab7  logwatch-5.2.2-1.FC3.1.noarch.rpm

# rpm -Uvh --test logwatch-5.2.2-1.FC3.1.noarch.rpm 
Preparing...                ########################################### 
[100%]
        package logwatch-5.2.2-1.FC3.1 is already installed
# rpm -Uvh --test logwatch-5.2.2-1.FC3.1.noarch-hexedit.rpm 
Preparing...                ########################################### 
[100%]
        package logwatch-5.2.2-1.FC3.1 is already installed



# hexedit logwatch-5.2.2-1.FC3.1.noarch-hexedit.rpm
[...]
# md5sum logwatch-5.2.2-1.FC3.1.noarch*
3a9badb69d9047f9205412db801e1c70  logwatch-5.2.2-1.FC3.1.noarch-hexedit.rpm
a00bb258185c048fa179a8c015efdab7  logwatch-5.2.2-1.FC3.1.noarch.rpm

# rpm -Uvh --test logwatch-5.2.2-1.FC3.1.noarch-hexedit.rpm Fehler: 
logwatch-5.2.2-1.FC3.1.noarch-hexedit.rpm: V3 DSA signature: BAD, key ID 
4f2a6fd2
Fehler: logwatch-5.2.2-1.FC3.1.noarch-hexedit.rpm cannot be installed

-- 
shrek-m

More information about the fedora-test-list mailing list