From ed457c89869dc4a3d4100a36c1aa798882ac4339 Mon Sep 17 00:00:00 2001
From: Tomas Kopecek <tkopecek@redhat.com>
Date: Jan 19 2022 12:12:00 +0000
Subject: PR#3218: doc: additional explanations for RPM signatures


Merges #3218
https://pagure.io/koji/pull-request/3218

---

diff --git a/docs/source/signing.rst b/docs/source/signing.rst
index cbc101f..5bbcd96 100644
--- a/docs/source/signing.rst
+++ b/docs/source/signing.rst
@@ -38,7 +38,8 @@ the public GPG key into their RPMDB::
       Payload SHA256 digest: OK
       MD5 digest: OK
 
-Note there is no "RSA/SHA256 Signature" header field on the RPM here.
+Note there are only "digest" fields here, no "Signature" fields since this RPM
+is unsigned.
 
 *Example: A GPG signature that rpmdb DOES trust*::
 
@@ -70,6 +71,9 @@ A lower-level command that shows the signature on an RPM file (the
 
     rpm -q --qf '%{NAME} %{RSAHEADER:pgpsig}\n' -p python-routes-2.5.1-1.el8.src.rpm
 
+Learn more about RPM signatures and digests in `RPM's reference manual
+<https://rpm-software-management.github.io/rpm/manual/signatures_digests.html>`_.
+
 Uploding signed RPMs to Koji
 ----------------------------