Old good rpm-4.0.4 used to have the following feature: $ rpmsign -K --define '__gpg_verify_cmd %__gpg --batch --no-verbose --verify --status-fd=1 %__signature_filename %__plaintext_filename' \ vitmp-1.0-alt4.qa1.src.rpm | \ sed -n 's/^\[GNUPG:\] VALIDSIG [[:xdigit:]]\+ [^ ]\+ \([[:digit:]]\+\) .*/\1/p' 1366322522 An analogue is needed in the brand new rpm suite to implement SOURCE_DATE_EPOCH forwarding from signed srpm packages to hasher.
Looks like we can follow a simpler route and just use buildtime of signed srpm packages to implement SOURCE_DATE_EPOCH support.
