LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-18-2011, 03:45 AM   #1
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 657

Rep: Reputation: 40
Re-signing RPM v3 packages


Hi.


We're running RHN Satellite server to host RPMs for our RHEL servers,
and have created our own GPG key to sign any thirds party RPMs that we
want to upload to the Satellite server.
As most vendors seem to ship their RPMs signed with RPM v3 signatures,
we can't resign them with our own RPM v4 GPG key signature without
corrupting the RPM.

To overcome this we could install RPM v3 from source and use that to
sign our third party RPMs. As this software have dependencies to other
really old software (as Berkeley DB 1.85), it doesn't seem like the
best option. Is there any other way to re-sign RPM v3 packages,
without having to install RPM v3 (with all its dependencies), or
without actually having to install an old RPM-based distro that ships
with RPM v3?


Greetings,
kenneho

PS: I posted this on a Red Hat mailing list first, but posted it here since I didn't get any replies.
 
Old 03-19-2011, 05:47 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
AFAIK no as RPM is a binary format. Examining (ldd) SW that deals with the RPM format should show. (Ever thought about using virtualization?) Still I think it's an error to re-sign already signed SW.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Signing a .rpm.bin maitrey Red Hat 5 06-08-2009 09:05 AM
RPM 'failed dependencies': Why can I not install any rpm packages? leontini Linux - Newbie 7 09-16-2003 12:44 AM
error: cannot get exclusive lock on /var/lib/rpm/Packages error: cannot open Packages inward_eye Linux - Software 3 08-24-2003 03:07 PM
creating packages (.tgz/.deb/.rpm) How from the source packages? l_9_l Linux - General 1 03-06-2002 06:03 PM
rpm packages islandkid Linux - General 2 03-03-2002 04:52 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 03:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration