[CentOS-devel] signing drpms

Wed Sep 28 15:13:44 UTC 2011
Jeff Johnson <n3npq at mac.com>

On Sep 27, 2011, at 8:17 PM, Karanbir Singh wrote:

> hi
> 
> I've noticed that no one seems to be signing drpms. Is there a reason
> for that? Or is it just down to inconvenient (it's a bit messy needing
> to get drpms into secure-box type environments), and of academic
> interest (in that the re-assembled rpm will be signed, and need to go
> through a verify process).
> 

drpms are a binary patch to *.rpm … after application the patched end result
*.rpm has digests and (if present in the original) a signature.

You will have to look at yum to detect how/where/if that signature is verified
after drpm patching.

Additional signatures for drpm patches could be done. Yes, very messy
and overly complex as a distribution means. rsync of *.rpm instead of drpm
is perhaps a sounder/saner/simpler approach to distributing software. drpms
are focussed on minimum bandwidth usage as highest priority.

73 de Jeff
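
A post-rebuild check for the point made in the message above, as an added example that is not part of the original message: `rpm -K` reports OK for an unsigned package whose digests match, so the result line has to be inspected to tell "digests only" from "signature verified". The function names are hypothetical, and the check assumes the signing key has already been imported into the rpm database.

```shell
#!/bin/sh
# Added example (not from the original thread): decide whether an rpm rebuilt
# from a drpm was signature-verified, or only digest-checked, by `rpm -K`.

# classify_checksig LINE
#   LINE is one result line from `rpm -K`, e.g. "pkg.rpm: digests signatures OK"
#   returns 0  signature verified
#           1  digests OK but no signature was checked (unsigned package)
#           2  verification failed, or the line could not be understood
classify_checksig() {
    line=$1
    result=${line#*: }              # drop the "package.rpm: " prefix
    case $result in
        *"NOT OK"*) return 2 ;;     # bad digest, bad signature or missing key
    esac
    case $result in
        *OK) ;;
        *) return 2 ;;              # empty or unexpected output
    esac
    # Lower-case signature items are listed only when they verified.
    # Older rpm names the algorithm (rsa, dsa, pgp, gpg); newer rpm prints
    # the single word "signatures".
    for word in $result; do
        case $word in
            rsa|dsa|pgp|gpg|signatures) return 0 ;;
        esac
    done
    return 1
}

# rebuild_and_verify DRPM OUTPUT_RPM
#   Applies the delta against the installed package, then classifies the
#   rebuilt rpm. Needs applydeltarpm (deltarpm package) and rpm on PATH.
rebuild_and_verify() {
    drpm=$1
    out=$2
    applydeltarpm "$drpm" "$out" || return 2
    classify_checksig "$(LC_ALL=C rpm -K "$out" 2>/dev/null | tail -n 1)"
}
```

A caller that requires signed packages should treat return code 1 the same as 2 and discard the rebuilt rpm.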