On Wed, 5 May 2010 03:11:53 -0400, Darr wrote:
On Tue 04 May 2010 @ 08:59:01 zulu, Michael Schwendt scribed:
>
> And those checksums are independent from the GPG signature
> (here done with key ID a109b1ec). That means, you can sign the
> package with a different key and still get the same internal RPM
> checksums. Only the file's checksum will differ, and that's the
> one that enters the repodata.
non-sequitur.
I don't see what that proves, since all the other files appear to have been
signed with key ID a109b1ec, too.
Prior to running createrepo or afterwards?
So, why would the checksums in the
repodata's primary.xml files be wrong for only those debuginfo packages?
It could be that those packages have been signed (or resigned) without
rerunning createrepo.