On 02/27/2012 09:01 AM, Dmitry Butskoy wrote:
>>
>> Can I have you check again with rpmdev-checksig?  The zlib rpm you
>> listed below is signed by TUV and by SL, perhaps it is only checking the
>> one key.
>
> Could you please explain how you sign these packages?
>
> According to the rpm(8) man page,
>> SIGNING A PACKAGE
>> rpm --addsign|--resign PACKAGE_FILE ...
>>
>> Both of the --addsign and --resign options generate and insert new sig‐
>> natures for each package PACKAGE_FILE given, replacing any existing
>> signatures. There are two options for historical reasons, there is no
>> difference in behavior currently.
>
> Note "replacing any existing signatures". IOW, after SL-sign, any 
> previous TUV-sign data should be removed, isn't it?
>
> A broken "rpm -K" behaviour breaks my scripts and certainly I'm 
> impressed a little... :-/
>
>
> Regards,
> Dmitry Butskoy

We are just running rpm --addsign

Pat

-- 
Pat Riehecky
Scientific Linux Developer