On Wed, 12 Nov 2008, Troy Dawson wrote:

> Hi,
> Since we have a month to test this, can you send me the exact rpm version and 
> the version of linux that you sign them on.  We'll give it a shot.  We 
> haven't tried signing the 1.6 jdk's, and if we can get it setup and tested, 
> that would be great.

I've never had an issue signing with the rpm binary from Red Hat 6 - RH version
6.0 I think.  Of course, I don't claim to have tried signing as many packages
as you and Connie would have :-)  and I've only used the  --addsign option.
Also, I don't know if there are any issues/dependencies on one's gpg signature.

The rpm binary I use:

$ md5sum ~/bin/rpm6
dcb99da4a08ee8376c671330845f0e57  /home/deatrich/bin/rpm6

$ ls -l ~/bin/rpm6
-rwxr-xr-x 1 deatrich deatrich 757920 Apr 19  1999 /home/deatrich/bin/rpm6

$ file  ~/bin/rpm6
/home/deatrich/bin/rpm6: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.0.0, statically linked, for GNU/Linux 2.0.0, stripped

Randomly signing a package:
$ rpm6 --addsign java-1.5.0-sun-1.5.0.14-1jpp.x86_64.rpm 
Enter pass phrase: 
Pass phrase is good.

# rpm --checksig java-1.5.0-sun-1.5.0.14-1jpp.x86_64.rpm 
java-1.5.0-sun-1.5.0.14-1jpp.x86_64.rpm: sha1 md5 gpg OK

cheers,
  denice
-- 
deatrich @ triumf.ca, Science/Atlas         PH: +1 604-222-7665
<*> This moment's fortune cookie:
It is easier to fight for one's principles than to live up to them.
                 -- Alfred Adler