(In reply to comment #5)
> Have you tested the yum-verify plugin in later Fedora? Is this closer to what
> you need?
I don't think so at first blush:
from man yum-verify:
"verify-rpm
Is meant to be 100% compatible with rpm -V output, and any differences should be considered as bugs."
on my test machine - "rpm -V" results:
[root@hugo pluginconf.d]# rpm -V auditproxy
CAP_AUDIT_WRITE not set
error: %verify(auditproxy-1.0.0-5.fc9.x86_64) scriptlet failed, exit status 1
CAP_AUDIT_WRITE not set
error: %verify(auditproxy-1.0.0-5.fc9.i386) scriptlet failed, exit status 1
and "yum verify-rpm results":
[root@hugo pluginconf.d]# yum verify-rpm auditproxy
Loaded plugins: refresh-packagekit, verify
verify-rpm done
After reading the config files which discuss highlighting, etc. maybe there is an error in my config (since I see no highlighting). But I doubt it would solve the real problem, in the original description, about prelink. After we install an rpm, the prelink daemon will find the executables installed and prelink them for us. If we've assigned a CAP to that executable, which we check in the rpm "%verify" scriptlet, after the prelink we no longer have the CAP set on the file. That's one of the real issues for me. The other is file signatures/checksums which also change after prelink. I think there is an "undo" prelink option we could run prior to testing checksums, however that doesn't solve the CAP loss.