From 5196f73d5128003844df9f4501d876020c850571 Mon Sep 17 00:00:00 2001
From: Ken Dreyer <kdreyer@redhat.com>
Date: Fri, 14 Jan 2022 11:39:19 -0500
Subject: [PATCH 1/2] docs: explain "digest" vs "signature" fields for RPMs

---
 docs/source/signing.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/source/signing.rst b/docs/source/signing.rst
index cbc101f9..4f2b2f04 100644
--- a/docs/source/signing.rst
+++ b/docs/source/signing.rst
@@ -38,7 +38,8 @@ the public GPG key into their RPMDB::
       Payload SHA256 digest: OK
       MD5 digest: OK
 
-Note there is no "RSA/SHA256 Signature" header field on the RPM here.
+Note there are only "digest" fields here, no "Signature" fields since this RPM
+is unsigned.
 
 *Example: A GPG signature that rpmdb DOES trust*::
 

From 7e6db4a51e7cf4b5fe875637f8633cfa060311be Mon Sep 17 00:00:00 2001
From: Ken Dreyer <kdreyer@redhat.com>
Date: Fri, 14 Jan 2022 11:39:48 -0500
Subject: [PATCH 2/2] docs: link to RPM cryptographic header documentation

---
 docs/source/signing.rst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/source/signing.rst b/docs/source/signing.rst
index 4f2b2f04..5bbcd961 100644
--- a/docs/source/signing.rst
+++ b/docs/source/signing.rst
@@ -71,6 +71,9 @@ A lower-level command that shows the signature on an RPM file (the
 
     rpm -q --qf '%{NAME} %{RSAHEADER:pgpsig}\n' -p python-routes-2.5.1-1.el8.src.rpm
 
+Learn more about RPM signatures and digests in `RPM's reference manual
+<https://rpm-software-management.github.io/rpm/manual/signatures_digests.html>`_.
+
 Uploding signed RPMs to Koji
 ----------------------------