/proc/4/root/usr/share/doc/rpm
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
/*! \page signatures Signature header The 2.1 release of RPM had a few improvements in the area ofdigital package signatures. The usage of PGP has been cleanedup and extended, the signature section in the RPM file formathas been made easily extensible with new signature types, andpackages can have multiple signatures. \section signatures_pgp PGP Legacy usage of PGP in rpm-2.0 was cumbersome, and only supported1024 bit keys. Both of these problems have been corrected in rpm-2.1. Whereas previously you needed many rpmrc entries to clue inRPM about keyring locations and such, RPM now behaves as PGPusers would expect. The PGPPATH environment variable can beused to specify keyring locations. You can also use a"%_pgpbin" line in your macros file to specify a different valuefor RPM to use for PGPPATH. If neither of these are used PGPuses its default ($HOME/.pgp). If you just want to verify packages, you need to supply valuesfor the macros\verbatim %_pgpbin the path to the pgp executable %_signature the type of signature to use\endverbatim In order to be able to sign packages, you may also have tosupply values for\verbatim %_pgp_name the pgp signature to use for signing %_pgp_path the path to the key ring\endverbatim \section signatures_signing Signing Packages Signature creation is the same as previous releases: just adda --sign to your build command line. You can sign a packageafter the package is built with: \verbatim rpm --resign <package>\endverbatim Using --resign removes any previous signature in the package.To *add* a signature to a package, leaving all existingsignatures use: \verbatim rpm --addsign <package>\endverbatim RPM always creates MD5 and SIZE signatures when it buildpackages, which means that packages built without --sign canbe "verified" to some extent. The MD5 signature should catchproblems like corrupt packages, faulty downloads, etc. \section signatures_verifying Verifying Package Signatures Package signature verification is the same as previous releases: \verbatim rpm -K <package>\endverbatim RPM will verify every signature in the package, which may includemore than one PGP signature. The output indicates what types ofsignatures are being checked. If any checks fail you'll see a"NOT OK" message, and you should be worried. If you have a package with PGP signatures, but don't have PGPinstalled, but still want to verify it as much as possible, youcan do: \verbatim rpm -K --nopgp <package>\endverbatim That will cause RPM to skip any PGP signatures, but still checkany others (currently only MD5 and SIZE). */