The rpm --checksig verification function appears to be broken.
(I am using RH 7.3 and rpm-4.0.4-7x.18)
I changed one byte in an rpm file using hexedit then ran rpm --checksig.
rpm still printed out: "md5 gpg OK"

Here is what I did:

cp xchat-1.8.9-1.73.0.i386.rpm xchat-1.8.9-1.73.0.i386.rpm.org

rpm --checksig xchat*
xchat-1.8.9-1.73.0.i386.rpm: md5 gpg OK
xchat-1.8.9-1.73.0.i386.rpm.org: md5 gpg OK

Using hexedit I changed byte 0x46 to 0x22 (it was 0x00) in
xchat-1.8.9-1.73.0.i386.rpm

md5sum xchat*
c093c11676488e922ca227aa050916d9  xchat-1.8.9-1.73.0.i386.rpm
bc85e6662044a386ce35b472635444fa  xchat-1.8.9-1.73.0.i386.rpm.org

The files are different, so the md5sum difference is expected.
However, look at rpm --checksig:

 rpm --checksig xchat*
xchat-1.8.9-1.73.0.i386.rpm: md5 gpg OK
xchat-1.8.9-1.73.0.i386.rpm.org: md5 gpg OK

WHY DIDN'T rpm --checksig INDICATE AN ERROR IN  xchat-1.8.9-1.73.0.i386.rpm ?

I use rpm --checksig to find corrupted rpm files.  Now how do I do it?

Richard
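
Offset 0x46 lies inside the 96-byte lead at the start of an RPM file, and the MD5 digest and GPG signature stored in the signature header are computed over the header and payload that follow it, not over the lead. The Python below is an added example, not part of the original post: it applies the same one-byte edit to a constructed, RPM-shaped blob (not a real package; `build_sample` and `flip` are hypothetical helpers) and compares the signature-tag MD5 check with a whole-file digest.

```python
import hashlib
import struct

LEAD_SIZE = 96                       # fixed-size lead, file offsets 0x00-0x5f
HEADER_MAGIC = b"\x8e\xad\xe8\x01"   # start of a header structure
RPMSIGTAG_MD5 = 1004                 # signature tag: MD5 of header + payload

def parse_signature(data):
    """Return (stored_md5, start), where start is the first digested byte."""
    if data[LEAD_SIZE:LEAD_SIZE + 4] != HEADER_MAGIC:
        raise ValueError("no signature header after the lead")
    nindex, hsize = struct.unpack(">II", data[LEAD_SIZE + 8:LEAD_SIZE + 16])
    index_start = LEAD_SIZE + 16
    store_start = index_start + 16 * nindex
    stored_md5 = None
    for i in range(nindex):
        entry = data[index_start + 16 * i:index_start + 16 * (i + 1)]
        tag, _type, offset, count = struct.unpack(">IIII", entry)
        if tag == RPMSIGTAG_MD5:
            stored_md5 = data[store_start + offset:store_start + offset + count]
    end = store_start + hsize
    return stored_md5, end + (-end % 8)   # signature header is 8-byte padded

def md5_check(data):
    """Compare the stored MD5 with the digest of everything after the signature."""
    stored, start = parse_signature(data)
    return stored == hashlib.md5(data[start:]).digest()

def build_sample():
    """Constructed blob: lead + signature header (MD5 only) + stand-in body."""
    body = b"CONSTRUCTED-HEADER-AND-PAYLOAD"
    lead = b"\xed\xab\xee\xdb\x03\x00" + bytes(LEAD_SIZE - 6)
    intro = HEADER_MAGIC + bytes(4) + struct.pack(">II", 1, 16)
    index = struct.pack(">IIII", RPMSIGTAG_MD5, 7, 0, 16)
    return lead + intro + index + hashlib.md5(body).digest() + body

def flip(data, offset, value):
    """Return a copy of data with one byte replaced."""
    out = bytearray(data)
    out[offset] = value
    return bytes(out)

original = build_sample()
in_lead = flip(original, 0x46, 0x22)               # same edit as in the post
in_body = flip(original, len(original) - 1, 0x22)  # edit inside the digested part
for name, blob in (("original", original), ("lead", in_lead), ("body", in_body)):
    print(name, "md5 tag OK:", md5_check(blob),
          "| whole-file md5:", hashlib.md5(blob).hexdigest())
```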