From 3ff51fabb32a21d6b0815c6261704bc0d52cfb1e Mon Sep 17 00:00:00 2001
From: Florian Festi <ffesti@redhat.com>
Date: Thu, 18 Jul 2019 07:45:53 +0200
Subject: rpmsign man page: Add line about rpmsign requiring a valid checksum

and the limitations in FIPS mode

(cherry picked from commit be3347b5bff6142e86e533174fe0ec352405d159)
(cherry picked from commit d615098e4ea8937dd63291f6b2008253733632b7)
---
 doc/rpmsign.8 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/rpmsign.8 b/doc/rpmsign.8
index 80ffb6a32..d895a3b8c 100644
--- a/doc/rpmsign.8
+++ b/doc/rpmsign.8
@@ -21,6 +21,9 @@ options generate and insert new signatures for each package
 existing signatures. There are two options for historical reasons,
 there is no difference in behavior currently.
 
+To create a signature rpm needs to verify the package's checksum. As a result
+packages with a MD5/SHA1 checksums cannot be signed in FIPS mode.
+
 \fBrpm\fR \fB--delsign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
 
 .PP
-- 
cgit v1.2.1