Unknown  0000:02:14 Q along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. "ˆl–äY>”ªi?u‰@ŠãmÜJbѿŠƒŒ¹Äà ˆ ƒ™s_•I|¥‰ÓMdœv ©ƒ&íK<óo¬ÅÄ  315_•I|¥‰ÓMjqØ‚¦ ë<óo¬ÆÅ"ˆl–ßi~” Ji?u2 [¸Ó÷ʘ´oÈ ƒmçEÇÆ ˆ ƒ™sÀÇÆ L/*! \page signatures Signature header The 2.1 release of RPM had a few improvements in the area of digital package signatures. The usage of PGP has been cleaned up and extended, the signature section in the RPM file format has been made easily extensible with new signature types, and packages can have multiple signatures. \section signatures_pgp PGP Legacy usage of PGP in rpm-2.0 was cumbersome, and only supported 1024 bit keys. Both of these problems have been corrected in rpm-2.1. Whereas previously you needed many rpmrc entries to clue in RPM about keyring locations and such, RPM now behaves as PGP users would expect. The PGPPATH environment variable can be used to specify keyring locations. You can also use a "%_pgpbin" line in your macros file to specify a different value for RPM to use for PGPPATH. If neither of these are used PGP uses its default ($HOME/.pgp). If you just want to verify packages, you need to supply values for the macros \verbatim %_pgpbin the path to the pgp executable %_signature the type of signature to use \endverbatim In order to be able to sign packages, you may also have to supply values for \verbatim %_pgp_name the pgp signature to use for signing %_pgp_path the path to the key ring \endverbatim \section signatures_signing Signing Packages Signature creation is the same as previous releases: just add a --sign to your build command line. You can sign a package after the package is built with: \verbatim rpm --resign \endverbatim Using --resign removes any previous signature in the package. To *add* a signature to a package, leaving all existing signatures use: \verbatim rpm --addsign \endverbatim RPM always creates MD5 and SIZE signatures when it build packages, which means that packages built without --sign can be "verified" to some extent. The MD5 signature should catch problems like corrupt packages, faulty downloads, etc. \section signatures_verifying Verifying Package Signatures Package signature verification is the same as previous releases: \verbatim rpm -K \endverbatim RPM will verify every signature in the package, which may include more than one PGP signature. The output indicates what types of signatures are