Daniel Alley
Daniel Alley
Am I correct in thinking that generating the metadata requires deep inspection of the RPM file, so it needs to be available?
Yeah, I'm curious how much time it would actually save (not that the feature isn't a good idea necessarily). The bottleneck is almost certainly going to be unpacking the RPM...
This would be very useful for Pulp. We already have an way to accomplish this but it basically involves providing your own signing shell script. An "official" mechanism that can't...
@kontura This would be useful for Pulp - it's possible that the functionality is already available in librpm via python bindings, but the documentation pages for those appear to be...
Question: Is there any signatures or other relevant tags (current or future) that you might be interested in @sdherr, that aren't available in the version of RPM currently present on...
@kontura Is it generally true that all of the packages in a distro, be it Fedora X or RHEL Y, are signed with one key and have one specific signature...
I believe `SIGPGP` and `SIGGPG` are deprecated and newer versions of RPM don't output them, if I am reading this correctly. https://github.com/rpm-software-management/rpm/discussions/2374#discussioncomment-5224278 The header contains metadata on the payload including...
@DemiMarie Do you have any insight on these questions?
@DemiMarie Is it guaranteed that a RPM has one and only one signature? e.g. is it possible for an RPM to simultaneously be signed by an RSA key and an...
I'm happy to assume it doesn't happen, then.